Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Document.doc.scr.exe

Overview

General Information

Sample name:Document.doc.scr.exe
Analysis ID:1431996
MD5:6fd558cf3add096970e15d1e62ca1957
SHA1:78e95fabcfe8ef7bb6419f8456deccc3d5fa4c23
SHA256:41e187191625d749b89a11bc04fc0b2a3b9bd638035d05b39365c47ab36d1898
Tags:BlackMatterexescr
Infos:

Detection

LockBit ransomware, TrojanRansom
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found ransom note / readme
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected LockBit ransomware
Yara detected TrojanRansom
Changes the wallpaper picture
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Deletes itself after installation
Found Tor onion address
Found potential ransomware demand text
Hides threads from debuggers
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Modifies existing user documents (likely ransomware behavior)
Overwrites Mozilla Firefox settings
Sample has a suspicious name (potential lure to open the executable)
Tries to harvest and steal browser information (history, passwords, etc)
Uses an obfuscated file name to hide its real file extension (double extension)
Writes many files with high entropy
Writes to foreign memory regions
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to clear windows event logs (to hide its activities)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Enables security privileges
PE file contains an invalid checksum
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Potentially Suspicious Desktop Background Change Via Registry
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • Document.doc.scr.exe (PID: 7344 cmdline: "C:\Users\user\Desktop\Document.doc.scr.exe" MD5: 6FD558CF3ADD096970E15D1E62CA1957)
    • splwow64.exe (PID: 7984 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
    • 53F6.tmp (PID: 4564 cmdline: "C:\ProgramData\53F6.tmp" MD5: 294E9F64CB1642DD89229FFF0592856B)
      • cmd.exe (PID: 5460 cmdline: "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\53F6.tmp >> NUL MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7388 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • ONENOTE.EXE (PID: 5776 cmdline: /insertdoc "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\{176D7C24-A4D1-46CD-8C67-F702A592CA85}.xps" 133585859721470000 MD5: 0061760D72416BCF5F2D9FA6564F0BEA)
  • cleanup
No configs have been found
SourceRuleDescriptionAuthorStrings
Document.doc.scr.exeJoeSecurity_LockBit_ransomwareYara detected LockBit ransomwareJoe Security
    Document.doc.scr.exeWindows_Ransomware_Lockbit_369e1e94unknownunknown
    • 0x1861d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
    • 0x4bc:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
    SourceRuleDescriptionAuthorStrings
    00000000.00000002.2167543480.0000000000E2E000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_LockBit_ransomwareYara detected LockBit ransomwareJoe Security
      00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmpJoeSecurity_LockBit_ransomwareYara detected LockBit ransomwareJoe Security
        00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmpWindows_Ransomware_Lockbit_369e1e94unknownunknown
        • 0x1841d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
        • 0xbc:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
        00000000.00000000.1731561851.0000000000A31000.00000020.00000001.01000000.00000003.sdmpJoeSecurity_LockBit_ransomwareYara detected LockBit ransomwareJoe Security
          00000000.00000000.1731561851.0000000000A31000.00000020.00000001.01000000.00000003.sdmpWindows_Ransomware_Lockbit_369e1e94unknownunknown
          • 0x1841d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
          • 0xbc:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
          Click to see the 2 entries
          SourceRuleDescriptionAuthorStrings
          0.0.Document.doc.scr.exe.a30000.0.unpackJoeSecurity_LockBit_ransomwareYara detected LockBit ransomwareJoe Security
            0.0.Document.doc.scr.exe.a30000.0.unpackWindows_Ransomware_Lockbit_369e1e94unknownunknown
            • 0x1861d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
            • 0x4bc:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...
            0.2.Document.doc.scr.exe.a30000.0.unpackJoeSecurity_LockBit_ransomwareYara detected LockBit ransomwareJoe Security
              0.2.Document.doc.scr.exe.a30000.0.unpackWindows_Ransomware_Lockbit_369e1e94unknownunknown
              • 0x1861d:$a2: 8B EC 53 56 57 33 C0 8B 5D 14 33 C9 33 D2 8B 75 0C 8B 7D 08 85 F6 74 33 55 8B 6D 10 8A 54 0D 00 02 D3 8A 5C 15 00 8A 54 1D 00
              • 0x4bc:$a3: 53 51 6A 01 58 0F A2 F7 C1 00 00 00 40 0F 95 C0 84 C0 74 09 0F C7 F0 0F C7 F2 59 5B C3 6A 07 58 33 C9 0F A2 F7 C3 00 00 04 00 0F 95 C0 84 C0 74 09 0F C7 F8 0F C7 FA 59 5B C3 0F 31 8B C8 C1 C9 ...

              System Summary

              barindex
              Source: Registry Key setAuthor: Nasreddine Bencherchali (Nextron Systems), Stephen Lincoln @slincoln-aiq (AttackIQ): Data: Details: C:\ProgramData\AAtvmKv4L.bmp, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Document.doc.scr.exe, ProcessId: 7344, TargetObject: HKEY_CURRENT_USER\Control Panel\Desktop\WallPaper
              No Snort rule has matched

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Source: Document.doc.scr.exeAvira: detected
              Source: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionAvira URL Cloud: Label: malware
              Source: C:\ProgramData\53F6.tmpAvira: detection malicious, Label: TR/Crypt.ZPACK.Gen
              Source: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionVirustotal: Detection: 12%Perma Link
              Source: C:\ProgramData\53F6.tmpReversingLabs: Detection: 83%
              Source: C:\ProgramData\53F6.tmpVirustotal: Detection: 83%Perma Link
              Source: Document.doc.scr.exeVirustotal: Detection: 80%Perma Link
              Source: Document.doc.scr.exeReversingLabs: Detection: 78%
              Source: Document.doc.scr.exeJoe Sandbox ML: detected
              Source: Document.doc.scr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Videos\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Searches\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Saved Games\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Recent\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Pictures\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Pictures\Saved Pictures\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Pictures\Camera Roll\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\OneDrive\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Music\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Links\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Favorites\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Favorites\Links\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Downloads\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Documents\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Documents\YPSIACHYXW\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Documents\WUTJSCBCFX\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Documents\SQRKHNBNYN\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Documents\RAYHIWGKDI\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Documents\MXPXCVPDVN\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Documents\BPMLNOBVSB\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Desktop\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Desktop\YPSIACHYXW\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Desktop\WUTJSCBCFX\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Desktop\SQRKHNBNYN\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Desktop\RAYHIWGKDI\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Desktop\MXPXCVPDVN\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Desktop\BPMLNOBVSB\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Contacts\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Skype\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Skype\RootTools\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending Pings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Extensions\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\f2eb6c79-671d-4de2-b7be-3b2eea7abc47\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\6d9d9777-7ded-4768-8191-9a707d72b009\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\61f56613-c62c-4b17-84dd-62b60d5776aa\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\56079431-ea46-4833-94f9-1ff5658cdb1c\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Sonar\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Sonar\SonarCC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\RTTransfer\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2CC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Linguistics\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Headlights\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\NativeCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\CRLogs\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\CRLogs\crashlogs\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\Preflight Acrobat Continuous\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Forms\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Collab\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Linguistics\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\VideoDecodeStats\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index-dir\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\d1702bdf-c0c8-42c3-b6d9-e52fd0a57b16\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\assets\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\NotificationsDB\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\VirtualStore\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\mozilla-temp-files\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\Low\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\acrocef_low\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\DC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\SolidDocuments\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\SolidDocuments\Acrobat\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Publishers\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\SettingsContainer\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Microsoft.WindowsAlarms\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Licenses\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Fonts\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\PlaceholderTileLogoFolder\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\PeerDistRepub\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\DiagOutputDir\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\BackgroundTransferApi\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\Flighting\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{97b27011-f8cc-4ac9-9531-d6ee8ce92324}\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{76cc83ea-ae96-47fc-9329-459e5ad2d67b}\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{8ebe27d5-e6ff-49ad-b3fd-b01d486c3c97}\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2c33d893-bc92-487f-aede-304ebfc79509}\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\CacheStorage\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: Document.doc.scr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: Document.doc.scr.exe, 00000000.00000003.1796524141.0000000000E76000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: gx.PDb source: CacheStorage.edb.AAtvmKv4L0.0.dr
              Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdby source: Document.doc.scr.exe, 00000000.00000003.1809469644.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1943421731.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1830447768.0000000000E58000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb) source: Document.doc.scr.exe, 00000000.00000003.1809469644.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1943421731.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1830447768.0000000000E58000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: mi_exe_stub.pdb source: Document.doc.scr.exe, 00000000.00000003.1779755831.0000000001059000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\*HC source: Document.doc.scr.exe, 00000000.00000003.1809469644.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1818943854.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1796524141.0000000000E76000.00000004.00000020.00020000.00000000.sdmp
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A374BC FindFirstFileExW,FindNextFileW,0_2_00A374BC
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A3A094 FindFirstFileExW,FindClose,0_2_00A3A094
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A35C24 FindFirstFileW,FindClose,FindNextFileW,FindClose,0_2_00A35C24
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A37590 FindFirstFileExW,FindClose,0_2_00A37590
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A3766C FindFirstFileExW,GetFileAttributesW,FindNextFileW,0_2_00A3766C
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A3F308 GetFileAttributesW,SetThreadPriority,FindFirstFileExW,FindNextFileW,FindClose,0_2_00A3F308
              Source: C:\ProgramData\53F6.tmpCode function: 8_2_0040227C FindFirstFileExW,8_2_0040227C
              Source: C:\ProgramData\53F6.tmpCode function: 8_2_0040152C FindFirstFileExW,FindClose,FindNextFileW,FindClose,8_2_0040152C
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A37468 GetLogicalDriveStringsW,GetDriveTypeW,0_2_00A37468
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Local\Temp\Diagnostics\Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\Jump to behavior

              Networking

              barindex
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionin
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionT7%
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionicA70
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion]n7
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion57
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onional"7
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionic
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion]
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion]6
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionJ6+
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionw6
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.oniond6
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionc
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion>6
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionHC+6
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion3d8bbwe\RoamingState/
              Source: Document.doc.scr.exe, 00000000.00000002.2168315315.0000000000F6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
              Source: Document.doc.scr.exe, 00000000.00000002.2168315315.0000000000F6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion
              Source: Document.doc.scr.exe, 00000000.00000002.2168315315.0000000000F6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
              Source: Document.doc.scr.exe, 00000000.00000003.2166183678.0000000000E7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
              Source: Document.doc.scr.exe, 00000000.00000003.2166183678.0000000000E7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion
              Source: Document.doc.scr.exe, 00000000.00000003.2166183678.0000000000E7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
              Source: SPL1E5F.tmp.0.drString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
              Source: SPL1E5F.tmp.0.drString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
              Source: SPL1E5F.tmp.0.drString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
              Source: Document.doc.scr.exe, 00000000.00000003.1923569057.0000000000F85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kinto.readthedocs.io/en/latest/tutorials/synchronisation.html#polling-for-remote-changes
              Source: Document.doc.scr.exe, 00000000.00000002.2167543480.0000000000E2E000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000002.2168315315.0000000000F6B000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.2166183678.0000000000E7F000.00000004.00000020.00020000.00000000.sdmp, SPL1E5F.tmp.0.drString found in binary or memory: http://lockbitapt.uz
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E7F000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000002.2168315315.0000000000F6B000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.2166183678.0000000000E7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
              Source: SPL1E5F.tmp.0.drString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionHC
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onionic
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000002.2168315315.0000000000F6B000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.2166183678.0000000000E7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion3d8bbwe
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion57
              Source: SPL1E5F.tmp.0.drString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionT7%
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onional
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionc
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.oniond6
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionicA70
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000002.2168315315.0000000000F6B000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.2166183678.0000000000E7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
              Source: SPL1E5F.tmp.0.drString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionJ6
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionin
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionw6
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E7F000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.2166183678.0000000000E7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lockbitsupp.uz
              Source: SPL1E5F.tmp.0.drString found in binary or memory: http://lockbitsupp.uzFFFFFFFFFFFFFFFFFFFFF
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: http://weather.service.msn.com/data.aspx
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://addinsinstallation.store.office.com/app/download
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://addinslicensing.store.office.com/apps/remove
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://addinslicensing.store.office.com/commerce/query
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
              Source: Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://allegro.pl/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://analysis.windows.net/powerbi/api
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://api.aadrm.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://api.aadrm.com/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://api.addins.omex.office.net/api/addins/search
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://api.addins.omex.office.net/appinfo/query
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://api.addins.omex.office.net/appstate/query
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://api.addins.store.office.com/addinstemplate
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://api.addins.store.office.com/app/query
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://api.cortana.ai
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://api.diagnostics.office.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://api.diagnosticssdf.office.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://api.microsoftstream.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://api.microsoftstream.com/api/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://api.office.net
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://api.onedrive.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://api.scheduler.
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://apis.live.net/v5.0/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://arc.msn.com/v4/api/selection
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://augloop.office.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://augloop.office.com/v2
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://autodiscover-s.outlook.com/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
              Source: Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://cdn.entity.
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://cdn.hubblecontent.osi.office.net/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://clients.config.office.net
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://clients.config.office.net/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://config.edge.skype.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://cortana.ai
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://cortana.ai/api
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://cr.office.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://d.docs.live.net
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://dataservice.o365filtering.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://dataservice.o365filtering.com/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://designerapp.officeapps.live.com/designerapp
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://dev.cortana.ai
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://devnull.onenote.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://directory.services.
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://ecs.office.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://ecs.office.com/config/v1/Designer
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://ecs.office.com/config/v2/Office
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://edge.skype.com/registrar/prod
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://edge.skype.com/rps
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://enrichment.osi.office.net/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://entitlement.diagnostics.office.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
              Source: Document.doc.scr.exe, 00000000.00000003.1923569057.0000000000F85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/
              Source: Document.doc.scr.exe, 00000000.00000003.1923569057.0000000000F85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://fpastorage.cdn.office.net/%s
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://fpastorage.cdn.office.net/firstpartyapp/addins.xml
              Source: Document.doc.scr.exe, 00000000.00000003.1923569057.0000000000F85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Kinto/kinto-attachment/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://globaldisco.crm.dynamics.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://graph.ppe.windows.net
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://graph.ppe.windows.net/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://graph.windows.net
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://graph.windows.net/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://ic3.teams.office.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://incidents.diagnostics.office.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://inclient.store.office.com/gyro/client
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
              Source: Document.doc.scr.exe, 00000000.00000003.1919553135.0000000000EA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/top-sites/1/a1d7b2c5-93cf-4d19-ae34-02
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://invites.office.com/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://lifecycle.office.com
              Source: Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EC6000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EC6000.00000004.00000020.00020000.00000000.sdmp, BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://login.microsoftonline.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://login.microsoftonline.com/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://login.windows.local
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://make.powerautomate.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://management.azure.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://management.azure.com/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://messaging.action.office.com/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://messaging.action.office.com/setcampaignaction
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://messaging.action.office.com/setuseraction16
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://messaging.engagement.office.com/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://messaging.lifecycle.office.com/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://messaging.office.com/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://my.microsoftpersonalcontent.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://ncus.contentsync.
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://ncus.pagecontentsync.
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://officeapps.live.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://officeci.azurewebsites.net/api/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://officepyservice.office.net/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://officepyservice.office.net/service.functionality
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://onedrive.live.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://onedrive.live.com/embed?
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://otelrules.azureedge.net
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://otelrules.svc.static.microsoft
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://outlook.office.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://outlook.office.com/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://outlook.office365.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://outlook.office365.com/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://outlook.office365.com/connectors
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://pages.store.office.com/review/query
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://powerlift.acompli.net
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://pushchannel.1drv.ms
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
              Source: Document.doc.scr.exe, 00000000.00000003.1923569057.0000000000F85000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://remote-settings.readthedocs.io
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://res.cdn.office.net
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.39
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://res.cdn.office.net/polymer/models
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://service.officepy.microsoftusercontent.com/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://settings.outlook.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://shell.suite.office.com:1443
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://skyapi.live.net/Activity/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://staging.cortana.ai
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://store.office.cn/addinstemplate
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://store.office.de/addinstemplate
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://substrate.office.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
              Source: Document.doc.scr.exe, 00000000.00000003.1750415562.0000000000F94000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1750415562.0000000000F8C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
              Source: Document.doc.scr.exe, 00000000.00000003.1750415562.0000000000F9B000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1750415562.0000000000F2F000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1750847366.0000000000F23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
              Source: Document.doc.scr.exe, 00000000.00000003.1750415562.0000000000F2F000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1750847366.0000000000F23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefox
              Source: Document.doc.scr.exe, 00000000.00000003.1750415562.0000000000F9B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://tasks.office.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://templatesmetadata.office.net/
              Source: Document.doc.scr.exe, 00000000.00000002.2167543480.0000000000E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tox./
              Source: Document.doc.scr.exe, 00000000.00000002.2167543480.0000000000E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tox.//
              Source: Document.doc.scr.exe, 00000000.00000003.1809469644.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1943421731.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1830447768.0000000000E58000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tox.1
              Source: Document.doc.scr.exe, 00000000.00000003.1809469644.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1757524367.0000000000E5F000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1759171059.0000000000E5F000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000002.2167543480.0000000000E2E000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1746644557.0000000000E9F000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1943421731.0000000000E9F000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1753147810.0000000000E5F000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1830447768.0000000000E9F000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1746529908.0000000000E5D000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1796524141.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1830447768.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1757065641.0000000000E5F000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1746798998.0000000000E9F000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000002.2168214353.0000000000F4B000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1750736375.0000000000E9F000.00000004.00000020.00020000.00000000.sdmp, AAtvmKv4L.README.txt462.0.dr, AAtvmKv4L.README.txt490.0.dr, AAtvmKv4L.README.txt222.0.dr, AAtvmKv4L.README.txt11.0.dr, AAtvmKv4L.README.txt435.0.drString found in binary or memory: https://tox.chat/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://web.microsoftstream.com/video/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://webshell.suite.office.com
              Source: Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EC6000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EC6000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://weibo.com/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://wus2.contentsync.
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://wus2.pagecontentsync.
              Source: Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/
              Source: Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.ca/
              Source: Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
              Source: Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
              Source: Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
              Source: Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.fr/
              Source: Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avito.ru/
              Source: Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.bbc.co.uk/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
              Source: Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.de/
              Source: Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EC6000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
              Source: Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ifeng.com/
              Source: Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.iqiyi.com/
              Source: Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.leboncoin.fr/
              Source: Document.doc.scr.exe, 00000000.00000003.1750415562.0000000000F94000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1750415562.0000000000F8C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
              Source: Document.doc.scr.exe, 00000000.00000003.1750415562.0000000000F2F000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1750847366.0000000000F23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
              Source: Document.doc.scr.exe, 00000000.00000003.1750415562.0000000000F9B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
              Source: Document.doc.scr.exe, 00000000.00000003.1750415562.0000000000F2F000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1750847366.0000000000F23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
              Source: Document.doc.scr.exe, 00000000.00000003.1750415562.0000000000F9B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
              Source: Document.doc.scr.exe, 00000000.00000003.1750847366.0000000000F23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
              Source: Document.doc.scr.exe, 00000000.00000003.1750415562.0000000000F9B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
              Source: Document.doc.scr.exe, 00000000.00000003.1750415562.0000000000F9B000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1750415562.0000000000F2F000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1750847366.0000000000F23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
              Source: Document.doc.scr.exe, 00000000.00000003.1750415562.0000000000F2F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/favicons/mozilla/favicon-196x196.2af054fea211.png
              Source: Document.doc.scr.exe, 00000000.00000003.1750415562.0000000000F2F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/favicons/mozilla/favicon.d25d81d39065.icox
              Source: Document.doc.scr.exe, 00000000.00000003.1750415562.0000000000F9B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://www.odwebp.svc.ms
              Source: Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EC6000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EC6000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
              Source: Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
              Source: Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.wykop.pl/
              Source: BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drString found in binary or memory: https://www.yammer.com
              Source: Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EC6000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.zhihu.com/

              Spam, unwanted Advertisements and Ransom Demands

              barindex
              Source: C:\Users\user\AppData\Local\Packages\Microsoft.NET.Native.Framework.1.7_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtDropped file: !! ALL YOUR FILES ARE ENCRYPTED !!!You can't restore them without our decryptor.Don't try to use any public tools, you could damage the files and lose them forever.To make sure our decryptor works, contact us and decrypt one file for free.Download TOX messenger: https://tox.chat/Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82Jump to dropped file
              Source: Yara matchFile source: Document.doc.scr.exe, type: SAMPLE
              Source: Yara matchFile source: 0.0.Document.doc.scr.exe.a30000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.Document.doc.scr.exe.a30000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000002.2167543480.0000000000E2E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000000.1731561851.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: Document.doc.scr.exe PID: 7344, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: Document.doc.scr.exe PID: 7344, type: MEMORYSTR
              Source: C:\Users\user\Desktop\Document.doc.scr.exeKey value created or modified: HKEY_CURRENT_USER\Control Panel\Desktop WallPaper C:\ProgramData\AAtvmKv4L.bmpJump to behavior
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encrypted
              Source: Document.doc.scr.exe, 00000000.00000002.2167543480.0000000000E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encrypted
              Source: Document.doc.scr.exe, 00000000.00000002.2167543480.0000000000E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encrypted{
              Source: Document.doc.scr.exe, 00000000.00000002.2167543480.0000000000E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encryptedg
              Source: Document.doc.scr.exe, 00000000.00000002.2167543480.0000000000E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encrypted?
              Source: Document.doc.scr.exe, 00000000.00000002.2167543480.0000000000E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encryptedl
              Source: Document.doc.scr.exe, 00000000.00000002.2167543480.0000000000E2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encryptede
              Source: Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : All your important files are stolen and encrypted!
              Source: Document.doc.scr.exe, 00000000.00000002.2168315315.0000000000F6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encrypted
              Source: Document.doc.scr.exe, 00000000.00000003.2166183678.0000000000E7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory : Your data are stolen and encrypted
              Source: SPL1E5F.tmp.0.drString found in binary or memory : Your data are stolen and encryptedFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile moved: C:\Users\user\Desktop\WUTJSCBCFX\WUTJSCBCFX.docxJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile moved: C:\Users\user\Desktop\RAYHIWGKDI.jpgJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile moved: C:\Users\user\Desktop\ZTGJILHXQB.mp3Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile moved: C:\Users\user\Desktop\KZWFNRXYKI.pdfJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile moved: C:\Users\user\Desktop\WUTJSCBCFX\ZBEDCJPBEY.pngJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_AdministrativeTools.AAtvmKv4L entropy: 7.99400135218Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Shell_RunDialog.AAtvmKv4L entropy: 7.99595948157Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_RemoteDesktop.AAtvmKv4L entropy: 7.99444613918Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Photos_8wekyb3d8bbwe!App.AAtvmKv4L entropy: 7.99363956245Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_MediaPlayer32.AAtvmKv4L entropy: 7.99517241003Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Explorer.AAtvmKv4L entropy: 7.99515647635Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_ControlPanel.AAtvmKv4L entropy: 7.99578116514Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Computer.AAtvmKv4L entropy: 7.99507227825Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_magnify_exe.AAtvmKv4L entropy: 7.99529174796Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_iscsicpl_exe.AAtvmKv4L entropy: 7.99444375509Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_dfrgui_exe.AAtvmKv4L entropy: 7.99560741652Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc.AAtvmKv4L entropy: 7.99476913246Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cmd_exe.AAtvmKv4L entropy: 7.99489408073Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_cleanmgr_exe.AAtvmKv4L entropy: 7.99499716624Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_charmap_exe.AAtvmKv4L entropy: 7.99483761123Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\MSEdge.AAtvmKv4L entropy: 7.9948270947Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_quickassist_exe.AAtvmKv4L entropy: 7.9947451813Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_psr_exe.AAtvmKv4L entropy: 7.9957729476Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_printmanagement_msc.AAtvmKv4L entropy: 7.99457618894Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_osk_exe.AAtvmKv4L entropy: 7.9952410169Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_odbcad32_exe.AAtvmKv4L entropy: 7.99451376342Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_notepad_exe.AAtvmKv4L entropy: 7.99560750635Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_narrator_exe.AAtvmKv4L entropy: 7.99453130868Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_mspaint_exe.AAtvmKv4L entropy: 7.99463439638Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msinfo32_exe.AAtvmKv4L entropy: 7.99497688774Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msconfig_exe.AAtvmKv4L entropy: 7.99454999429Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_MdSched_exe.AAtvmKv4L entropy: 7.99538163167Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Common Files_Microsoft Shared_Ink_mip_exe.AAtvmKv4L entropy: 7.99576688857Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Adobe_Acrobat DC_Acrobat_Acrobat_exe.AAtvmKv4L entropy: 7.9954648233Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_7-Zip_7zFM_exe.AAtvmKv4L entropy: 7.99531155715Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_7-Zip_7-zip_chm.AAtvmKv4L entropy: 7.99501029837Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WindowsPowerShell_v1_0_PowerShell_ISE_exe.AAtvmKv4L entropy: 7.99495073068Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WindowsPowerShell_v1_0_powershell_exe.AAtvmKv4L entropy: 7.99549371404Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WF_msc.AAtvmKv4L entropy: 7.99524036268Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WFS_exe.AAtvmKv4L entropy: 7.99538221777Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_SnippingTool_exe.AAtvmKv4L entropy: 7.99539118694Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_services_msc.AAtvmKv4L entropy: 7.99534376836Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_RecoveryDrive_exe.AAtvmKv4L entropy: 7.9949300661Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Examples.AAtvmKv4L entropy: 7.99496620247Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt_chm.AAtvmKv4L entropy: 7.9947838983Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoItX_AutoItX_chm.AAtvmKv4L entropy: 7.99414540962Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt3_x64_exe.AAtvmKv4L entropy: 7.99589160659Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt3_exe.AAtvmKv4L entropy: 7.99513586755Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_AutoIt v3 Website_url.AAtvmKv4L entropy: 7.99574436068Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Aut2Exe_Aut2exe_x64_exe.AAtvmKv4L entropy: 7.99486617688Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Aut2Exe_Aut2exe_exe.AAtvmKv4L entropy: 7.99429622556Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Au3Info_x64_exe.AAtvmKv4L entropy: 7.99476956451Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Au3Info_exe.AAtvmKv4L entropy: 7.99470183132Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Windows NT_Accessories_wordpad_exe.AAtvmKv4L entropy: 7.99484973735Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{F38BF404-1D43-42F2-9305-67DE0B28FC23}_regedit_exe.AAtvmKv4L entropy: 7.99537878186Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}_WindowsPowerShell_v1_0_PowerShell_ISE_exe.AAtvmKv4L entropy: 7.99462927859Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}_WindowsPowerShell_v1_0_powershell_exe.AAtvmKv4L entropy: 7.9952995524Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}_odbcad32_exe.AAtvmKv4L entropy: 7.99537332545Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Java_jre-1_8_bin_javacpl_exe.AAtvmKv4L entropy: 7.99448628818Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_SciTE_SciTE_exe.AAtvmKv4L entropy: 7.99565552423Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_AutoIt3_Extras.AAtvmKv4L entropy: 7.99448976329Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edbtmp.log.AAtvmKv4L entropy: 7.99969227239Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs.AAtvmKv4L entropy: 7.99969184693Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edbres00001.jrs.AAtvmKv4L entropy: 7.99964970121Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edb00001.log.AAtvmKv4L entropy: 7.99965687963Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\edb.log.AAtvmKv4L entropy: 7.99968092568Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1.AAtvmKv4L entropy: 7.9992234089Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\index.AAtvmKv4L entropy: 7.99921812369Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1.AAtvmKv4L entropy: 7.99931533609Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei.AAtvmKv4L entropy: 7.9929533525Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl.AAtvmKv4L entropy: 7.99655080066Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\index.AAtvmKv4L entropy: 7.99933307649Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user\ActivitiesCache.db-shm.AAtvmKv4L entropy: 7.99437068039Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\ThirdPartyNotice.html.AAtvmKv4L entropy: 7.99833965086Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_startedInBGMode.etl.AAtvmKv4L entropy: 7.99730714817Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm.AAtvmKv4L entropy: 7.99404167431Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.AAtvmKv4L entropy: 7.99936776522Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\314559\5091e1ba9bca4548a55e05605447918b_1.AAtvmKv4L entropy: 7.99563878065Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\314559\71dd91a867a24f4a8b8f55514985d2cc_1.AAtvmKv4L entropy: 7.99594238689Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog.etl.AAtvmKv4L entropy: 7.99768957129Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog_Old.etl.AAtvmKv4L entropy: 7.99701754963Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat.AAtvmKv4L entropy: 7.99916136396Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst.AAtvmKv4L entropy: 7.99915198219Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages.AAtvmKv4L entropy: 7.99810151615Jump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\NotificationsDB\notificationsDB.AAtvmKv4L entropy: 7.99299560171Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\Document.doc.scr.exe entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\AAAAAAAAAAAAAAAAAAAA (copy) entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\BBBBBBBBBBBBBBBBBBBB (copy) entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\CCCCCCCCCCCCCCCCCCCC (copy) entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\DDDDDDDDDDDDDDDDDDDD (copy) entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\EEEEEEEEEEEEEEEEEEEE (copy) entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\FFFFFFFFFFFFFFFFFFFF (copy) entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\GGGGGGGGGGGGGGGGGGGG (copy) entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\HHHHHHHHHHHHHHHHHHHH (copy) entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\IIIIIIIIIIIIIIIIIIII (copy) entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\JJJJJJJJJJJJJJJJJJJJ (copy) entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\KKKKKKKKKKKKKKKKKKKK (copy) entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\LLLLLLLLLLLLLLLLLLLL (copy) entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\MMMMMMMMMMMMMMMMMMMM (copy) entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\NNNNNNNNNNNNNNNNNNNN (copy) entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\OOOOOOOOOOOOOOOOOOOO (copy) entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\PPPPPPPPPPPPPPPPPPPP (copy) entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\QQQQQQQQQQQQQQQQQQQQ (copy) entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\RRRRRRRRRRRRRRRRRRRR (copy) entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\SSSSSSSSSSSSSSSSSSSS (copy) entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\TTTTTTTTTTTTTTTTTTTT (copy) entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\UUUUUUUUUUUUUUUUUUUU (copy) entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\VVVVVVVVVVVVVVVVVVVV (copy) entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\WWWWWWWWWWWWWWWWWWWW (copy) entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\XXXXXXXXXXXXXXXXXXXX (copy) entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\YYYYYYYYYYYYYYYYYYYY (copy) entropy: 7.99686968343Jump to dropped file
              Source: C:\ProgramData\53F6.tmpFile created: C:\Users\user\Desktop\ZZZZZZZZZZZZZZZZZZZZ (copy) entropy: 7.99686968343Jump to dropped file

              System Summary

              barindex
              Source: Document.doc.scr.exe, type: SAMPLEMatched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
              Source: 0.0.Document.doc.scr.exe.a30000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
              Source: 0.2.Document.doc.scr.exe.a30000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
              Source: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
              Source: 00000000.00000000.1731561851.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Lockbit_369e1e94 Author: unknown
              Source: initial sampleStatic PE information: Filename: Document.doc.scr.exe
              Source: Document.doc.scr.exeStatic file information: Suspicious name
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A404B4 GetTempFileNameW,CreateFileW,WriteFile,CreateProcessW,NtQueryInformationProcess,NtReadVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,CreateNamedPipeW,ResumeThread,ConnectNamedPipe,0_2_00A404B4
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A39880 NtClose,0_2_00A39880
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A36C98 NtQueryInformationToken,0_2_00A36C98
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A47034 CreateThread,CreateThread,CreateThread,CreateThread,NtTerminateThread,CreateThread,CreateThread,0_2_00A47034
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A3DC60 NtTerminateProcess,0_2_00A3DC60
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A3B470 NtProtectVirtualMemory,0_2_00A3B470
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A3B444 NtSetInformationThread,0_2_00A3B444
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A3E1E8 CreateThread,NtClose,0_2_00A3E1E8
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A3A68C GetVolumeNameForVolumeMountPointW,FindFirstVolumeW,GetVolumePathNamesForVolumeNameW,GetDriveTypeW,CreateFileW,DeviceIoControl,NtClose,0_2_00A3A68C
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A36668 CreateFileW,NtAllocateVirtualMemory,WriteFile,SetFilePointerEx,NtFreeVirtualMemory,NtClose,DeleteFileW,0_2_00A36668
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A3B674 NtQueryInformationToken,0_2_00A3B674
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A3DE78 SetThreadPriority,ReadFile,WriteFile,WriteFile,NtClose,0_2_00A3DE78
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A37E58 NtQuerySystemInformation,Sleep,0_2_00A37E58
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A3C3F8 CreateFileW,WriteFile,RegCreateKeyExW,RegSetValueExW,RegCreateKeyExW,RegSetValueExW,SHChangeNotify,NtClose,0_2_00A3C3F8
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A3B3C0 NtSetInformationThread,NtClose,0_2_00A3B3C0
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A397D8 NtQuerySystemInformation,0_2_00A397D8
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A3B734 NtSetInformationProcess,NtSetInformationProcess,NtSetInformationProcess,0_2_00A3B734
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A38F68 RtlAdjustPrivilege,NtSetInformationThread,0_2_00A38F68
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A3982A NtQuerySystemInformation,0_2_00A3982A
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A39811 NtQuerySystemInformation,0_2_00A39811
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A37EA3 NtQuerySystemInformation,Sleep,0_2_00A37EA3
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A37E8A NtQuerySystemInformation,Sleep,0_2_00A37E8A
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A38F66 RtlAdjustPrivilege,NtSetInformationThread,0_2_00A38F66
              Source: C:\ProgramData\53F6.tmpCode function: 8_2_00402760 CreateFileW,ReadFile,NtClose,8_2_00402760
              Source: C:\ProgramData\53F6.tmpCode function: 8_2_0040286C NtSetInformationProcess,NtSetInformationProcess,NtSetInformationProcess,8_2_0040286C
              Source: C:\ProgramData\53F6.tmpCode function: 8_2_00402F18 CreateFileW,NtAllocateVirtualMemory,WriteFile,SetFilePointerEx,SetFilePointerEx,NtFreeVirtualMemory,NtClose,DeleteFileW,8_2_00402F18
              Source: C:\ProgramData\53F6.tmpCode function: 8_2_00401DC2 NtProtectVirtualMemory,8_2_00401DC2
              Source: C:\ProgramData\53F6.tmpCode function: 8_2_00401D94 NtSetInformationThread,8_2_00401D94
              Source: C:\ProgramData\53F6.tmpCode function: 8_2_004016B4 NtAllocateVirtualMemory,NtAllocateVirtualMemory,8_2_004016B4
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A3A68C: GetVolumeNameForVolumeMountPointW,FindFirstVolumeW,GetVolumePathNamesForVolumeNameW,GetDriveTypeW,CreateFileW,DeviceIoControl,NtClose,0_2_00A3A68C
              Source: C:\Windows\splwow64.exeFile created: C:\Windows\system32\spool\PRINTERS\00002.SPL
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A320AC0_2_00A320AC
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A380B80_2_00A380B8
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A34D030_2_00A34D03
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A34D080_2_00A34D08
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A352180_2_00A35218
              Source: Joe Sandbox ViewDropped File: C:\ProgramData\53F6.tmp 917E115CC403E29B4388E0D175CBFAC3E7E40CA1742299FBDB353847DB2DE7C2
              Source: C:\Users\user\Desktop\Document.doc.scr.exeProcess token adjusted: Security
              Source: Document.doc.scr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: Document.doc.scr.exe, type: SAMPLEMatched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
              Source: 0.0.Document.doc.scr.exe.a30000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
              Source: 0.2.Document.doc.scr.exe.a30000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
              Source: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
              Source: 00000000.00000000.1731561851.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Lockbit_369e1e94 reference_sample = d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee, os = windows, severity = x86, creation_date = 2022-07-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Lockbit, fingerprint = 9cf4c112c0ee708ae64052926681e8351f1ccefeb558c41e875dbd9e4bdcb5f2, id = 369e1e94-3fbb-4828-bb78-89d26e008105, last_modified = 2022-07-18
              Source: 53F6.tmp.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: classification engineClassification label: mal100.rans.phis.spyw.evad.winEXE@9/1663@0/0
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\AAtvmKv4L.README.txtJump to behavior
              Source: C:\ProgramData\53F6.tmpMutant created: \Sessions\1\BaseNamedObjects\Global\{649F4E29-16CB-DD42-8922-9FFF0592856B}
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7388:120:WilError_03
              Source: C:\Users\user\Desktop\Document.doc.scr.exeMutant created: \Sessions\1\BaseNamedObjects\Global\7723475ee2c5f8bf2c46c08450dc02e5
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Windows\splwow64.exeFile read: C:\Windows\System32\DriverStore\FileRepository\prnms006.inf_amd64_c3bdcb6fc975b614\SendToOneNote-manifest.ini
              Source: C:\Users\user\Desktop\Document.doc.scr.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: Document.doc.scr.exeVirustotal: Detection: 80%
              Source: Document.doc.scr.exeReversingLabs: Detection: 78%
              Source: unknownProcess created: C:\Users\user\Desktop\Document.doc.scr.exe "C:\Users\user\Desktop\Document.doc.scr.exe"
              Source: C:\Users\user\Desktop\Document.doc.scr.exeProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
              Source: C:\Users\user\Desktop\Document.doc.scr.exeProcess created: C:\ProgramData\53F6.tmp "C:\ProgramData\53F6.tmp"
              Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE /insertdoc "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\{176D7C24-A4D1-46CD-8C67-F702A592CA85}.xps" 133585859721470000
              Source: C:\ProgramData\53F6.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\53F6.tmp >> NUL
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\Document.doc.scr.exeProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeProcess created: C:\ProgramData\53F6.tmp "C:\ProgramData\53F6.tmp"Jump to behavior
              Source: C:\ProgramData\53F6.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\53F6.tmp >> NUL
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: wtsapi32.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: netapi32.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: wkscli.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: samcli.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: logoncli.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: activeds.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: adsldpc.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: wsock32.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: gpedit.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: dssec.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: dsuiext.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: framedynos.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: dsrole.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: ntdsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: authz.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: adsldp.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: sxs.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: mscms.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: coloradapterclient.dllJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeSection loaded: textshaping.dllJump to behavior
              Source: C:\ProgramData\53F6.tmpSection loaded: apphelp.dll
              Source: C:\ProgramData\53F6.tmpSection loaded: rstrtmgr.dll
              Source: C:\ProgramData\53F6.tmpSection loaded: ncrypt.dll
              Source: C:\ProgramData\53F6.tmpSection loaded: ntasn1.dll
              Source: C:\ProgramData\53F6.tmpSection loaded: windows.storage.dll
              Source: C:\ProgramData\53F6.tmpSection loaded: wldp.dll
              Source: C:\ProgramData\53F6.tmpSection loaded: kernel.appcore.dll
              Source: C:\ProgramData\53F6.tmpSection loaded: uxtheme.dll
              Source: C:\ProgramData\53F6.tmpSection loaded: propsys.dll
              Source: C:\ProgramData\53F6.tmpSection loaded: profapi.dll
              Source: C:\ProgramData\53F6.tmpSection loaded: edputil.dll
              Source: C:\ProgramData\53F6.tmpSection loaded: urlmon.dll
              Source: C:\ProgramData\53F6.tmpSection loaded: iertutil.dll
              Source: C:\ProgramData\53F6.tmpSection loaded: srvcli.dll
              Source: C:\ProgramData\53F6.tmpSection loaded: netutils.dll
              Source: C:\ProgramData\53F6.tmpSection loaded: windows.staterepositoryps.dll
              Source: C:\ProgramData\53F6.tmpSection loaded: sspicli.dll
              Source: C:\ProgramData\53F6.tmpSection loaded: wintypes.dll
              Source: C:\ProgramData\53F6.tmpSection loaded: appresolver.dll
              Source: C:\ProgramData\53F6.tmpSection loaded: bcp47langs.dll
              Source: C:\ProgramData\53F6.tmpSection loaded: slc.dll
              Source: C:\ProgramData\53F6.tmpSection loaded: userenv.dll
              Source: C:\ProgramData\53F6.tmpSection loaded: sppc.dll
              Source: C:\ProgramData\53F6.tmpSection loaded: onecorecommonproxystub.dll
              Source: C:\ProgramData\53F6.tmpSection loaded: onecoreuapcommonproxystub.dll
              Source: C:\Users\user\Desktop\Document.doc.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CB8555CC-9128-11D1-AD9B-00C04FD8FDFF}\InprocServer32Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\desktop.iniJump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
              Source: Document.doc.scr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Document.doc.scr.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: Document.doc.scr.exe, 00000000.00000003.1796524141.0000000000E76000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: gx.PDb source: CacheStorage.edb.AAtvmKv4L0.0.dr
              Source: Binary string: \\?\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdby source: Document.doc.scr.exe, 00000000.00000003.1809469644.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1943421731.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1830447768.0000000000E58000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb) source: Document.doc.scr.exe, 00000000.00000003.1809469644.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1943421731.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1830447768.0000000000E58000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: mi_exe_stub.pdb source: Document.doc.scr.exe, 00000000.00000003.1779755831.0000000001059000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\*HC source: Document.doc.scr.exe, 00000000.00000003.1809469644.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1818943854.0000000000E76000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1796524141.0000000000E76000.00000004.00000020.00020000.00000000.sdmp
              Source: 53F6.tmp.0.drStatic PE information: real checksum: 0x8fd0 should be: 0x4f26
              Source: Document.doc.scr.exeStatic PE information: real checksum: 0x2554e should be: 0x3ad8c
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A361ED push esp; retf 0_2_00A361F6
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A335D3 push 0000006Ah; retf 0_2_00A33644
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A335D5 push 0000006Ah; retf 0_2_00A33644
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A3356B push 0000006Ah; retf 0_2_00A33644
              Source: 53F6.tmp.0.drStatic PE information: section name: .text entropy: 7.985216639497568
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\ProgramData\53F6.tmpJump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\ProgramData\53F6.tmpJump to dropped file
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Videos\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Searches\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Saved Games\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Recent\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Pictures\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Pictures\Saved Pictures\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Pictures\Camera Roll\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\OneDrive\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Music\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Links\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Favorites\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Favorites\Links\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Downloads\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Documents\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Documents\YPSIACHYXW\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Documents\WUTJSCBCFX\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Documents\SQRKHNBNYN\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Documents\RAYHIWGKDI\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Documents\MXPXCVPDVN\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Documents\BPMLNOBVSB\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Desktop\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Desktop\YPSIACHYXW\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Desktop\WUTJSCBCFX\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Desktop\SQRKHNBNYN\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Desktop\RAYHIWGKDI\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Desktop\MXPXCVPDVN\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Desktop\BPMLNOBVSB\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\Contacts\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Skype\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Skype\RootTools\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending Pings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Extensions\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\f2eb6c79-671d-4de2-b7be-3b2eea7abc47\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\6d9d9777-7ded-4768-8191-9a707d72b009\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\61f56613-c62c-4b17-84dd-62b60d5776aa\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\com.adobe.dunamis\56079431-ea46-4833-94f9-1ff5658cdb1c\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Sonar\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Sonar\SonarCC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\RTTransfer\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2CC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\LogTransport2\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Linguistics\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Headlights\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Flash Player\NativeCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\CRLogs\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\CRLogs\crashlogs\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\Preflight Acrobat Continuous\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Forms\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Collab\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Linguistics\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\VideoDecodeStats\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\wasm\index-dir\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\Cache_Data\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\d1702bdf-c0c8-42c3-b6d9-e52fd0a57b16\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\assets\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\DesktopNotification\NotificationsDB\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\VirtualStore\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\mozilla-temp-files\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\Low\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\acrocef_low\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\DC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\SolidDocuments\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\SolidDocuments\Acrobat\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Publishers\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\SettingsContainer\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Microsoft.WindowsAlarms\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Licenses\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Publishers\8wekyb3d8bbwe\Fonts\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\PlaceholderTileLogoFolder\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\PeerDistRepub\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalState\DiagOutputDir\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\BackgroundTransferApi\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.WindowsAlarms_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\Flighting\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{97b27011-f8cc-4ac9-9531-d6ee8ce92324}\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{76cc83ea-ae96-47fc-9329-459e5ad2d67b}\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{0f31ce30-ed3d-4588-b294-208da23711e6}\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{8ebe27d5-e6ff-49ad-b3fd-b01d486c3c97}\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{2c33d893-bc92-487f-aede-304ebfc79509}\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\Indexed DB\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\CacheStorage\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\TempState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\SystemAppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Settings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\RoamingState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\LocalState\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\LocalCache\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AppData\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AC\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\AC\Temp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\AAtvmKv4L.README.txtJump to behavior

              Hooking and other Techniques for Hiding and Protection

              barindex
              Source: C:\ProgramData\53F6.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\53F6.tmp >> NUL
              Source: C:\ProgramData\53F6.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\53F6.tmp >> NUL
              Source: Possible double extension: doc.scrStatic PE information: Document.doc.scr.exe
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A391C8 RegCreateKeyExW,RegEnumKeyW,RegCreateKeyExW,RegSetValueExW,RegSetValueExW,OpenEventLogW,ClearEventLogW,RegCreateKeyExW,RegEnumKeyW,OpenEventLogW,ClearEventLogW,0_2_00A391C8
              Source: C:\Users\user\Desktop\Document.doc.scr.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOXJump to behavior
              Source: C:\ProgramData\53F6.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\53F6.tmpProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\ProgramData\53F6.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\53F6.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\53F6.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\53F6.tmpProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\ProgramData\53F6.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\53F6.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\53F6.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\53F6.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\53F6.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\53F6.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\53F6.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\ProgramData\53F6.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              barindex
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A310BC 0_2_00A310BC
              Source: C:\ProgramData\53F6.tmpCode function: 8_2_00401E28 8_2_00401E28
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A310BC rdtsc 0_2_00A310BC
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A374BC FindFirstFileExW,FindNextFileW,0_2_00A374BC
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A3A094 FindFirstFileExW,FindClose,0_2_00A3A094
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A35C24 FindFirstFileW,FindClose,FindNextFileW,FindClose,0_2_00A35C24
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A37590 FindFirstFileExW,FindClose,0_2_00A37590
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A3766C FindFirstFileExW,GetFileAttributesW,FindNextFileW,0_2_00A3766C
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A3F308 GetFileAttributesW,SetThreadPriority,FindFirstFileExW,FindNextFileW,FindClose,0_2_00A3F308
              Source: C:\ProgramData\53F6.tmpCode function: 8_2_0040227C FindFirstFileExW,8_2_0040227C
              Source: C:\ProgramData\53F6.tmpCode function: 8_2_0040152C FindFirstFileExW,FindClose,FindNextFileW,FindClose,8_2_0040152C
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A37468 GetLogicalDriveStringsW,GetDriveTypeW,0_2_00A37468
              Source: C:\Windows\splwow64.exeThread delayed: delay time: 120000
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Local\Temp\Diagnostics\Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\Jump to behavior
              Source: Document.doc.scr.exe, 00000000.00000003.1783904374.0000000000FEC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 10/04/2023 10:58:22.220EXCEL (0x18B4)0x88CMicrosoft ExcelTelemetry Eventb7vzqMediumSendEvent {"EventName":"Office.System.SystemHealthMetadataDeviceConsolidated","Flags":33777031581908737,"InternalSequenceNumber":111,"Time":"2023-10-04T10:58:21.709Z","Rule":"120600.4","Contract":"Office.Legacy.Metadata","Data.ProcTypeText":"x64","Data.ProcessorCount":2,"Data.NumProcShareSingleCore":1,"Data.NumProcShareSingleCache":1,"Data.NumProcPhysCores":2,"Data.ProcSpeedMHz":2000,"Data.IsLaptop":false,"Data.IsTablet":false,"Data.RamMB":4096,"Data.PowerPlatformRole":1,"Data.SysVolSizeMB":50000,"Data.DeviceManufacturer":"VMWare, Inc.","Data.DeviceModel":"VMware20,1","Data.DigitizerInfo":0,"Data.SusClientId":"097C77FB-5D5D-4868-860B-09F4E5B50A53","Data.WindowsSqmMachineId":"92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","Data.ComputerSystemProductUuidHash":"rC2kkStHpWGLvfAgmQZRz4w5ixE=","Data.DeviceProcessorModel":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","Data.HasSpectreFix":true,"Data.BootDiskType":"SSD"}
              Source: Document.doc.scr.exe, 00000000.00000003.1777343255.0000000000FBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 10/04/2023 10:55:35.770OFFICECL (0x1988)0x75cTelemetry EventbiyhqMediumSendEvent {"EventName": "Office.System.SystemHealthMetadataDeviceConsolidated", "Flags": 33777031581908737, "InternalSequenceNumber": 21, "Time": "2023-10-04T09:55:05Z", "Rule": "120600.4", "AriaTenantToken": "cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521", "Contract": "Office.Legacy.Metadata", "Data.ProcTypeText": "x64", "Data.ProcessorCount": 2, "Data.NumProcShareSingleCore": 1, "Data.NumProcShareSingleCache": 1, "Data.NumProcPhysCores": 2, "Data.ProcSpeedMHz": 2000, "Data.IsLaptop": false, "Data.IsTablet": false, "Data.RamMB": 4096, "Data.PowerPlatformRole": 1, "Data.SysVolSizeMB": 50000, "Data.DeviceManufacturer": "VMWare, Inc.", "Data.DeviceModel": "VMware20,1", "Data.DigitizerInfo": 0, "Data.SusClientId": "097C77FB-5D5D-4868-860B-09F4E5B50A53", "Data.WindowsSqmMachineId": "92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A", "Data.ComputerSystemProductUuidHash": "rC2kkStHpWGLvfAgmQZRz4w5ixE=", "Data.DeviceProcessorModel": "Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz", "Data.HasSpectreFix": true, "Data.BootDiskType": "SSD"}
              Source: 1435a377-bbaf-4c9c-8706-0811a779fa3f.AAtvmKv4L.0.drBinary or memory string: SVMCI
              Source: Document.doc.scr.exe, 00000000.00000003.1933723936.0000000000F1B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware20,1
              Source: Document.doc.scr.exe, 00000000.00000003.1778002182.0000000000EC4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 10/04/2023 11:53:18.526OFFICECL (0x1db0)0x1dd4Telemetry EventbiyhqMediumSendEvent {"EventName": "Office.System.SystemHealthMetadataDeviceConsolidated", "Flags": 33777031581908737, "InternalSequenceNumber": 17, "Time": "2023-10-04T10:52:48Z", "Rule": "120600.4", "AriaTenantToken": "cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521", "Contract": "Office.Legacy.Metadata", "Data.ProcTypeText": "x64", "Data.ProcessorCount": 2, "Data.NumProcShareSingleCore": 1, "Data.NumProcShareSingleCache": 1, "Data.NumProcPhysCores": 2, "Data.ProcSpeedMHz": 2000, "Data.IsLaptop": false, "Data.IsTablet": false, "Data.RamMB": 4096, "Data.PowerPlatformRole": 1, "Data.SysVolSizeMB": 50000, "Data.DeviceManufacturer": "VMWare, Inc.", "Data.DeviceModel": "VMware20,1", "Data.DigitizerInfo": 0, "Data.SusClientId": "097C77FB-5D5D-4868-860B-09F4E5B50A53", "Data.WindowsSqmMachineId": "92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A", "Data.ComputerSystemProductUuidHash": "rC2kkStHpWGLvfAgmQZRz4w5ixE=", "Data.DeviceProcessorModel": "Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz", "Data.HasSpectreFix": true, "Data.BootDiskType": "SSD"}
              Source: Document.doc.scr.exe, 00000000.00000003.1778002182.0000000000EC4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 10/04/2023 11:57:12.660OFFICECL (0x648)0x1fe0Telemetry EventbiyhqMediumSendEvent {"EventName": "Office.System.SystemHealthMetadataDeviceConsolidated", "Flags": 33777031581908737, "InternalSequenceNumber": 20, "Time": "2023-10-04T10:57:11Z", "Rule": "120600.4", "AriaTenantToken": "cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521", "Contract": "Office.Legacy.Metadata", "Data.ProcTypeText": "x64", "Data.ProcessorCount": 2, "Data.NumProcShareSingleCore": 1, "Data.NumProcShareSingleCache": 1, "Data.NumProcPhysCores": 2, "Data.ProcSpeedMHz": 2000, "Data.IsLaptop": false, "Data.IsTablet": false, "Data.RamMB": 4096, "Data.PowerPlatformRole": 1, "Data.SysVolSizeMB": 50000, "Data.DeviceManufacturer": "VMWare, Inc.", "Data.DeviceModel": "VMware20,1", "Data.DigitizerInfo": 0, "Data.SusClientId": "097C77FB-5D5D-4868-860B-09F4E5B50A53", "Data.WindowsSqmMachineId": "92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A", "Data.ComputerSystemProductUuidHash": "rC2kkStHpWGLvfAgmQZRz4w5ixE=", "Data.DeviceProcessorModel": "Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz", "Data.HasSpectreFix": true, "Data.BootDiskType": "SSD"}
              Source: Document.doc.scr.exe, 00000000.00000003.1783904374.0000000000FEC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 10/04/2023 10:58:38.204EXCEL (0x1F28)0x1DB0Microsoft ExcelTelemetry Eventb7vzqMediumSendEvent {"EventName":"Office.System.SystemHealthMetadataDeviceConsolidated","Flags":33777031581908737,"InternalSequenceNumber":92,"Time":"2023-10-04T10:58:38.014Z","Rule":"120600.4","Contract":"Office.Legacy.Metadata","Data.ProcTypeText":"x64","Data.ProcessorCount":2,"Data.NumProcShareSingleCore":1,"Data.NumProcShareSingleCache":1,"Data.NumProcPhysCores":2,"Data.ProcSpeedMHz":2000,"Data.IsLaptop":false,"Data.IsTablet":false,"Data.RamMB":4096,"Data.PowerPlatformRole":1,"Data.SysVolSizeMB":50000,"Data.DeviceManufacturer":"VMWare, Inc.","Data.DeviceModel":"VMware20,1","Data.DigitizerInfo":0,"Data.SusClientId":"097C77FB-5D5D-4868-860B-09F4E5B50A53","Data.WindowsSqmMachineId":"92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","Data.ComputerSystemProductUuidHash":"rC2kkStHpWGLvfAgmQZRz4w5ixE=","Data.DeviceProcessorModel":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","Data.HasSpectreFix":true,"Data.BootDiskType":"SSD"}
              Source: C:\Users\user\Desktop\Document.doc.scr.exeProcess information queried: ProcessInformation

              Anti Debugging

              barindex
              Source: C:\Users\user\Desktop\Document.doc.scr.exeThread information set: HideFromDebuggerJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeThread information set: HideFromDebuggerJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeThread information set: HideFromDebuggerJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeThread information set: HideFromDebuggerJump to behavior
              Source: C:\ProgramData\53F6.tmpThread information set: HideFromDebugger
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A310BC rdtsc 0_2_00A310BC
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A35A20 LdrLoadDll,0_2_00A35A20
              Source: C:\Users\user\Desktop\Document.doc.scr.exeProcess token adjusted: Debug
              Source: C:\Users\user\Desktop\Document.doc.scr.exeProcess token adjusted: Debug
              Source: C:\Users\user\Desktop\Document.doc.scr.exeProcess token adjusted: Debug

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Source: C:\Users\user\Desktop\Document.doc.scr.exeMemory written: C:\ProgramData\53F6.tmp base: 401000Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeProcess created: C:\ProgramData\53F6.tmp "C:\ProgramData\53F6.tmp"Jump to behavior
              Source: C:\ProgramData\53F6.tmpProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\53F6.tmp >> NUL
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A310BC cpuid 0_2_00A310BC
              Source: C:\ProgramData\53F6.tmpCode function: EntryPoint,ExitProcess,GetModuleHandleW,GetCommandLineW,GetModuleHandleA,GetCommandLineW,GetLocaleInfoW,GetLastError,FreeLibrary,FreeLibrary,GetProcAddress,CreateWindowExW,DefWindowProcW,GetWindowTextW,LoadMenuW,LoadMenuW,DefWindowProcW,SetTextColor,GetTextCharset,TextOutW,SetTextColor,GetTextColor,CreateFontW,GetTextColor,CreateDIBitmap,SelectObject,GetTextColor,CreateFontW,8_2_00403983
              Source: C:\Users\user\Desktop\Document.doc.scr.exeCode function: 0_2_00A404B4 GetTempFileNameW,CreateFileW,WriteFile,CreateProcessW,NtQueryInformationProcess,NtReadVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,CreateNamedPipeW,ResumeThread,ConnectNamedPipe,0_2_00A404B4

              Lowering of HIPS / PFW / Operating System Security Settings

              barindex
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\to-be-removed\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\temporary\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\tmp\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\db\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events\AAtvmKv4L.README.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile written: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups\AAtvmKv4L.README.txtJump to behavior

              Stealing of Sensitive Information

              barindex
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\extension-preferences.json.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333829702.cde8135c-88c3-4c34-8670-7ef017742548.new-profile.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\background-updateJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\15f01145-7764-450b-9ad5-323693350a9c.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333834606.011115ff-9301-40fc-805e-ba07b7fdfce4.event.jsonlz4.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333834620.c7889da7-33f0-4599-8452-58d47c58437b.main.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\content-prefs.sqliteJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\events.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333829744.7278f154-e8f4-4235-84c5-c5c1c6af0084.main.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\1435a377-bbaf-4c9c-8706-0811a779fa3fJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\.metadata-v2Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333829744.7278f154-e8f4-4235-84c5-c5c1c6af0084.main.jsonlz4.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\protections.sqliteJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\808127e8-e7ed-4078-b3f3-7f09061a011fJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\times.jsonJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqliteJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333834580.6fc53411-ad83-4cf6-a5f6-905f0f3f52e8.health.jsonlz4.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\1d5599c8-3f43-42cc-8163-9a43c60a06d1.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\addonStartup.json.lz4.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\targeting.snapshot.json.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333857833.45e26519-596d-41a5-b290-e547b44111fd.health.jsonlz4.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\favicons.sqliteJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\webappsstore.sqliteJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333857860.81ddb4cc-1d49-45f2-961f-e24ea6db2be5.health.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\3a40aaf9-3f8b-43a2-85e8-88e3ffc7666f.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333834608.65054280-9d54-477d-a3ea-afcb1f88e001.health.jsonlz4.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\Telemetry.FailedProfileLocks.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\12f997af-c065-4562-b9f6-11000bb95c9bJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\addons.json.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\45e26519-596d-41a5-b290-e547b44111fd.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\xulstore.jsonJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\1d5599c8-3f43-42cc-8163-9a43c60a06d1Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333834580.6fc53411-ad83-4cf6-a5f6-905f0f3f52e8.health.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqliteJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333829737.9f7a5e7a-2be0-4ff7-b132-b1f6e59a8e58.event.jsonlz4.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\favicons.sqlite-shm.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\compatibility.iniJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\AlternateServices.txt.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\favicons.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333857869.95af30ae-acac-4802-b983-233d7fd3cf34.main.jsonlz4.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\pkcs11.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\Telemetry.FailedProfileLocks.txt.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\content-prefs.sqlite.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333834620.c7889da7-33f0-4599-8452-58d47c58437b.main.jsonlz4.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\session-state.json.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\handlers.json.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\78267ebf-1fb3-4b11-82e9-903e54a2a54eJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionCheckpoints.json.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\times.json.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\shield-preference-experiments.json.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\xulstore.json.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\addonStartup.json.lz4Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage.sqliteJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shm.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\previous.jsonlz4.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\times.jsonJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\6fc53411-ad83-4cf6-a5f6-905f0f3f52e8Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\277ffbb3-8e94-4f3f-acac-7a401d130160.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333829746.67aa4432-87f8-463e-b422-f6679add9971.first-shutdown.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\ls-archive.sqlite.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\7278f154-e8f4-4235-84c5-c5c1c6af0084Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\ExperimentStoreData.jsonJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\45e26519-596d-41a5-b290-e547b44111fdJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\webappsstore.sqlite-shm.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\times.json.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.dbJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\a5d6ec76-765c-4778-afd2-1e05a1554d8eJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\handlers.jsonJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\webappsstore.sqlite.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\state.json.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333829702.cde8135c-88c3-4c34-8670-7ef017742548.new-profile.jsonlz4.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\protections.sqlite.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333829746.67aa4432-87f8-463e-b422-f6679add9971.first-shutdown.jsonlz4.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\7d12ac42-15c3-4db9-abfe-259bc8d249acJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\7278f154-e8f4-4235-84c5-c5c1c6af0084.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333857860.a73949a2-5a70-4025-8008-88156c16bb4a.event.jsonlz4.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\shield-preference-experiments.jsonJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\15f01145-7764-450b-9ad5-323693350a9cJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shm.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\previous.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\favicons.sqlite.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\addons.jsonJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\pkcs11.txt.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqliteJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333857833.45e26519-596d-41a5-b290-e547b44111fd.health.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\webappsstore.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqliteJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\state.jsonJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333857860.a73949a2-5a70-4025-8008-88156c16bb4a.event.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\a7174184-f177-48c4-876a-8a51c2ed8fbcJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333829737.9f7a5e7a-2be0-4ff7-b132-b1f6e59a8e58.event.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\a7174184-f177-48c4-876a-8a51c2ed8fbc.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333834608.65054280-9d54-477d-a3ea-afcb1f88e001.health.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionCheckpoints.jsonJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\containers.jsonJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\eventsJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqliteJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\session-state.jsonJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\78267ebf-1fb3-4b11-82e9-903e54a2a54e.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\05d02ac8-b2f1-4670-8541-db8ec2bbf427Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\05d02ac8-b2f1-4670-8541-db8ec2bbf427.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\1435a377-bbaf-4c9c-8706-0811a779fa3f.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage.sqlite.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\.metadata-v2.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333857869.95af30ae-acac-4802-b983-233d7fd3cf34.main.jsonlz4Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings\6fc53411-ad83-4cf6-a5f6-905f0f3f52e8.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\extension-preferences.jsonJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\AlternateServices.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\ExperimentStoreData.json.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\a5d6ec76-765c-4778-afd2-1e05a1554d8e.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\3a40aaf9-3f8b-43a2-85e8-88e3ffc7666fJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\ls-archive.sqliteJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\events\background-update.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\SiteSecurityServiceState.txtJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\upgrade.jsonlz4-20230927232528Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\containers.json.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\12f997af-c065-4562-b9f6-11000bb95c9b.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\compatibility.ini.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\targeting.snapshot.jsonJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\search.json.mozlz4Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqliteJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore.jsonlz4.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqliteJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups\upgrade.jsonlz4-20230927232528.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333857860.81ddb4cc-1d49-45f2-961f-e24ea6db2be5.health.jsonlz4.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\SiteSecurityServiceState.txt.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\277ffbb3-8e94-4f3f-acac-7a401d130160Jump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\search.json.mozlz4.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\808127e8-e7ed-4078-b3f3-7f09061a011f.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\glean\pending_pings\7d12ac42-15c3-4db9-abfe-259bc8d249ac.AAtvmKv4LJump to behavior
              Source: C:\Users\user\Desktop\Document.doc.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting\archived\2023-10\1696333834606.011115ff-9301-40fc-805e-ba07b7fdfce4.event.jsonlz4Jump to behavior
              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
              DLL Side-Loading
              112
              Process Injection
              111
              Masquerading
              1
              OS Credential Dumping
              311
              Security Software Discovery
              Remote Services1
              Archive Collected Data
              1
              Encrypted Channel
              Exfiltration Over Other Network Medium1
              Data Encrypted for Impact
              CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
              DLL Side-Loading
              11
              Virtualization/Sandbox Evasion
              LSASS Memory1
              Process Discovery
              Remote Desktop Protocol1
              Browser Session Hijacking
              1
              Proxy
              Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)112
              Process Injection
              Security Account Manager11
              Virtualization/Sandbox Evasion
              SMB/Windows Admin Shares1
              Data from Local System
              SteganographyAutomated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook12
              Obfuscated Files or Information
              NTDS5
              File and Directory Discovery
              Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
              Software Packing
              LSA Secrets122
              System Information Discovery
              SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
              Indicator Removal
              Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
              DLL Side-Loading
              DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
              File Deletion
              Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 signatures2 2 Behavior Graph ID: 1431996 Sample: Document.doc.scr.exe Startdate: 26/04/2024 Architecture: WINDOWS Score: 100 40 Multi AV Scanner detection for domain / URL 2->40 42 Malicious sample detected (through community Yara rule) 2->42 44 Antivirus detection for URL or domain 2->44 46 11 other signatures 2->46 8 Document.doc.scr.exe 32 1002 2->8         started        12 ONENOTE.EXE 2->12         started        process3 file4 24 C:\Users\user\...24IKHQAIQAU.mp3.AAtvmKv4L, DOS 8->24 dropped 26 {D65231B0-B2F1-485...l_ISE_exe.AAtvmKv4L, DOS 8->26 dropped 28 {7C5A40EF-A0FB-4BF...e_x64_exe.AAtvmKv4L, COM 8->28 dropped 30 120 other malicious files 8->30 dropped 48 Found potential ransomware demand text 8->48 50 Found Tor onion address 8->50 52 Contains functionality to detect hardware virtualization (CPUID execution measurement) 8->52 54 7 other signatures 8->54 14 53F6.tmp 8->14         started        18 splwow64.exe 8->18         started        signatures5 process6 file7 32 C:\Users\user\...\ZZZZZZZZZZZZZZZZZZZZ (copy), data 14->32 dropped 34 C:\Users\user\...\YYYYYYYYYYYYYYYYYYYY (copy), data 14->34 dropped 36 C:\Users\user\...\XXXXXXXXXXXXXXXXXXXX (copy), data 14->36 dropped 38 24 other malicious files 14->38 dropped 56 Antivirus detection for dropped file 14->56 58 Multi AV Scanner detection for dropped file 14->58 60 Contains functionality to detect hardware virtualization (CPUID execution measurement) 14->60 62 3 other signatures 14->62 20 cmd.exe 14->20         started        signatures8 process9 process10 22 conhost.exe 20->22         started       

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand
              SourceDetectionScannerLabelLink
              Document.doc.scr.exe81%VirustotalBrowse
              Document.doc.scr.exe79%ReversingLabsWin32.Ransomware.Lockbit
              Document.doc.scr.exe100%AviraBDS/ZeroAccess.Gen7
              Document.doc.scr.exe100%Joe Sandbox ML
              SourceDetectionScannerLabelLink
              C:\ProgramData\53F6.tmp100%AviraTR/Crypt.ZPACK.Gen
              C:\ProgramData\53F6.tmp100%Joe Sandbox ML
              C:\ProgramData\53F6.tmp83%ReversingLabsWin32.Trojan.Malgent
              C:\ProgramData\53F6.tmp83%VirustotalBrowse
              No Antivirus matches
              No Antivirus matches
              SourceDetectionScannerLabelLink
              https://cdn.entity.0%URL Reputationsafe
              https://rpsticket.partnerservices.getmicrosoftkey.com0%URL Reputationsafe
              https://rpsticket.partnerservices.getmicrosoftkey.com0%URL Reputationsafe
              https://api.aadrm.com/0%URL Reputationsafe
              https://api.aadrm.com/0%URL Reputationsafe
              https://messagebroker.mobile.m365.svc.cloud.microsoft0%URL Reputationsafe
              https://messagebroker.mobile.m365.svc.cloud.microsoft0%URL Reputationsafe
              https://otelrules.svc.static.microsoft0%URL Reputationsafe
              https://res.getmicrosoftkey.com/api/redemptionevents0%URL Reputationsafe
              https://officeci.azurewebsites.net/api/0%URL Reputationsafe
              https://my.microsoftpersonalcontent.com0%URL Reputationsafe
              https://store.office.cn/addinstemplate0%URL Reputationsafe
              https://www.odwebp.svc.ms0%URL Reputationsafe
              https://api.addins.store.officeppe.com/addinstemplate0%URL Reputationsafe
              https://bugzilla.mo0%URL Reputationsafe
              https://ncus.contentsync.0%URL Reputationsafe
              https://wus2.contentsync.0%URL Reputationsafe
              https://skyapi.live.net/Activity/0%URL Reputationsafe
              https://api.cortana.ai0%URL Reputationsafe
              https://www.amazon.co.uk/0%URL Reputationsafe
              https://staging.cortana.ai0%URL Reputationsafe
              https://wus2.pagecontentsync.0%URL Reputationsafe
              https://cortana.ai/api0%URL Reputationsafe
              https://tox./0%Avira URL Cloudsafe
              http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion570%Avira URL Cloudsafe
              https://tox.10%Avira URL Cloudsafe
              http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionicA700%Avira URL Cloudsafe
              http://lockbitsupp.uzFFFFFFFFFFFFFFFFFFFFF0%Avira URL Cloudsafe
              http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion100%Avira URL Cloudmalware
              https://www.bbc.co.uk/0%Avira URL Cloudsafe
              https://d.docs.live.net0%Avira URL Cloudsafe
              http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion3d8bbwe0%Avira URL Cloudsafe
              http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onional0%Avira URL Cloudsafe
              https://www.bbc.co.uk/0%VirustotalBrowse
              http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionin0%Avira URL Cloudsafe
              https://tox.//0%Avira URL Cloudsafe
              http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion13%VirustotalBrowse
              http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionJ60%Avira URL Cloudsafe
              https://d.docs.live.net0%VirustotalBrowse
              http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.oniond60%Avira URL Cloudsafe
              No contacted domains info
              NameSourceMaliciousAntivirus DetectionReputation
              https://shell.suite.office.com:1443BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                high
                http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion57Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                unknown
                https://autodiscover-s.outlook.com/BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                  high
                  https://useraudit.o365auditrealtimeingestion.manage.office.comBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                    high
                    https://firefox.settings.services.mozilla.com/v1/Document.doc.scr.exe, 00000000.00000003.1923569057.0000000000F85000.00000004.00000020.00020000.00000000.sdmpfalse
                      high
                      https://outlook.office365.com/connectorsBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                        high
                        https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=FlickrBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                          high
                          https://cdn.entity.BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                          • URL Reputation: safe
                          unknown
                          https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                            high
                            https://rpsticket.partnerservices.getmicrosoftkey.comBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            unknown
                            https://lookup.onenote.com/lookup/geolocation/v1BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                              high
                              https://www.leboncoin.fr/Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpfalse
                                high
                                https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFileBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                  high
                                  https://api.aadrm.com/BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  unknown
                                  https://tox./Document.doc.scr.exe, 00000000.00000002.2167543480.0000000000E2E000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://www.yammer.comBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                    high
                                    https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPoliciesBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                      high
                                      https://api.microsoftstream.com/api/BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                        high
                                        https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=ImmersiveBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                          high
                                          https://cr.office.comBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                            high
                                            https://messagebroker.mobile.m365.svc.cloud.microsoftBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            https://otelrules.svc.static.microsoftBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://lockbitsupp.uzFFFFFFFFFFFFFFFFFFFFFSPL1E5F.tmp.0.drfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://edge.skype.com/registrar/prodBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                              high
                                              https://res.getmicrosoftkey.com/api/redemptioneventsBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                              • URL Reputation: safe
                                              unknown
                                              https://tox.1Document.doc.scr.exe, 00000000.00000003.1809469644.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1943421731.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1830447768.0000000000E58000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              low
                                              https://tasks.office.comBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                high
                                                http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionicA70Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmptrue
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://officeci.azurewebsites.net/api/BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                • URL Reputation: safe
                                                unknown
                                                https://my.microsoftpersonalcontent.comBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                • URL Reputation: safe
                                                unknown
                                                https://store.office.cn/addinstemplateBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                • URL Reputation: safe
                                                unknown
                                                http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionDocument.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000002.2168315315.0000000000F6B000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.2166183678.0000000000E7F000.00000004.00000020.00020000.00000000.sdmptrue
                                                • 13%, Virustotal, Browse
                                                • Avira URL Cloud: malware
                                                unknown
                                                https://edge.skype.com/rpsBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                  high
                                                  https://messaging.engagement.office.com/BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                    high
                                                    https://www.amazon.com/Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                        high
                                                        https://www.odwebp.svc.msBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                        • URL Reputation: safe
                                                        unknown
                                                        https://api.powerbi.com/v1.0/myorg/groupsBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                          high
                                                          https://web.microsoftstream.com/video/BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                            high
                                                            https://api.addins.store.officeppe.com/addinstemplateBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                            • URL Reputation: safe
                                                            unknown
                                                            https://graph.windows.netBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                              high
                                                              https://www.bbc.co.uk/Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • 0%, Virustotal, Browse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://bugzilla.moDocument.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              https://consent.config.office.com/consentcheckin/v1.0/consentsBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                high
                                                                https://learningtools.onenote.com/learningtoolsapi/v2.0/GetvoicesBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                  high
                                                                  https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.jsonBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                    high
                                                                    https://d.docs.live.netBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                    • 0%, Virustotal, Browse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://safelinks.protection.outlook.com/api/GetPolicyBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                      high
                                                                      https://ncus.contentsync.BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://firefox-settings-attachments.cdn.mozilla.net/Document.doc.scr.exe, 00000000.00000003.1923569057.0000000000F85000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                          high
                                                                          http://weather.service.msn.com/data.aspxBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                            high
                                                                            https://word.uservoice.com/forums/304948-word-for-ipad-iphone-iosBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                              high
                                                                              https://www.iqiyi.com/Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://autodiscover-s.outlook.com/autodiscover/autodiscover.xmlBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                  high
                                                                                  https://pushchannel.1drv.msBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                    high
                                                                                    http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion3d8bbweDocument.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://wus2.contentsync.BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                    • URL Reputation: safe
                                                                                    unknown
                                                                                    https://clients.config.office.net/user/v1.0/iosBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                      high
                                                                                      https://api.addins.omex.office.net/api/addins/searchBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                        high
                                                                                        https://outlook.office365.com/api/v1.0/me/ActivitiesBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                          high
                                                                                          http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onionalDocument.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          https://clients.config.office.net/user/v1.0/android/policiesBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                            high
                                                                                            https://entitlement.diagnostics.office.comBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                              high
                                                                                              https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.jsonBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                                high
                                                                                                https://outlook.office.com/BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                                  high
                                                                                                  https://storage.live.com/clientlogs/uploadlocationBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                                    high
                                                                                                    https://login.microsoftonline.comDocument.doc.scr.exe, 00000000.00000003.1756679034.0000000000EC6000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EC6000.00000004.00000020.00020000.00000000.sdmp, BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                                      high
                                                                                                      https://substrate.office.com/search/api/v1/SearchHistoryBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                                        high
                                                                                                        https://www.zhihu.com/Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EC6000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EC6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://clients.config.office.net/c2r/v1.0/InteractiveInstallationBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                                            high
                                                                                                            https://graph.windows.net/BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                                              high
                                                                                                              https://devnull.onenote.comBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                                                high
                                                                                                                https://messaging.office.com/BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                                                  high
                                                                                                                  https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=BingBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                                                    high
                                                                                                                    https://skyapi.live.net/Activity/BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    https://api.cortana.aiBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    https://tox.//Document.doc.scr.exe, 00000000.00000002.2167543480.0000000000E2E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://www.amazon.co.uk/Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    https://messaging.action.office.com/setcampaignactionBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                                                      high
                                                                                                                      https://visio.uservoice.com/forums/368202-visio-on-devicesBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                                                        high
                                                                                                                        http://kinto.readthedocs.io/en/latest/tutorials/synchronisation.html#polling-for-remote-changesDocument.doc.scr.exe, 00000000.00000003.1923569057.0000000000F85000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://staging.cortana.aiBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          https://onedrive.live.com/embed?BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                                                            high
                                                                                                                            https://augloop.office.comBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                                                              high
                                                                                                                              https://www.wykop.pl/Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onioninDocument.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                unknown
                                                                                                                                https://www.olx.pl/Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EBD000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756679034.0000000000EC6000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EC6000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1756607458.0000000000EA9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://api.diagnosticssdf.office.com/v2/fileBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                                                                    high
                                                                                                                                    https://support.mozilla.org/products/firefoxDocument.doc.scr.exe, 00000000.00000003.1750415562.0000000000F2F000.00000004.00000020.00020000.00000000.sdmp, Document.doc.scr.exe, 00000000.00000003.1750847366.0000000000F23000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectoryBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                                                                        high
                                                                                                                                        https://officepyservice.office.net/BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                                                                          high
                                                                                                                                          http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onionJ6Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          unknown
                                                                                                                                          https://api.diagnostics.office.comBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                                                                            high
                                                                                                                                            https://github.com/Kinto/kinto-attachment/Document.doc.scr.exe, 00000000.00000003.1923569057.0000000000F85000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://store.office.de/addinstemplateBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                                                                                high
                                                                                                                                                https://wus2.pagecontentsync.BD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                unknown
                                                                                                                                                https://api.powerbi.com/v1.0/myorg/datasetsBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://cortana.ai/apiBD26BCAC-D937-4929-B9EF-540A562E35CD.9.drfalse
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  unknown
                                                                                                                                                  http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.oniond6Document.doc.scr.exe, 00000000.00000002.2167769002.0000000000E9F000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  unknown
                                                                                                                                                  No contacted IP infos
                                                                                                                                                  Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                                                  Analysis ID:1431996
                                                                                                                                                  Start date and time:2024-04-26 08:18:06 +02:00
                                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                                  Overall analysis duration:0h 7m 13s
                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                  Report type:full
                                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                  Number of analysed new started processes analysed:17
                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                  Technologies:
                                                                                                                                                  • HCA enabled
                                                                                                                                                  • EGA enabled
                                                                                                                                                  • AMSI enabled
                                                                                                                                                  Analysis Mode:default
                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                  Sample name:Document.doc.scr.exe
                                                                                                                                                  Detection:MAL
                                                                                                                                                  Classification:mal100.rans.phis.spyw.evad.winEXE@9/1663@0/0
                                                                                                                                                  EGA Information:
                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                  HCA Information:
                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                  • Number of executed functions: 83
                                                                                                                                                  • Number of non-executed functions: 6
                                                                                                                                                  Cookbook Comments:
                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, printfilterpipelinesvc.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 52.109.8.89, 52.109.16.112, 52.113.194.132, 51.11.192.48
                                                                                                                                                  • Excluded domains from analysis (whitelisted): ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, slscr.update.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, cus-config.officeapps.live.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, osiprod-ncus-buff-azsc-000.northcentralus.cloudapp.azure.com, ncus-azsc-000.roaming.officeapps.live.com, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net, onedscolprdfrc01.francecentral.cloudapp.azure.com, roaming.officeapps.live.com, us1.roaming1.live.com.akadns.net, ocsp.digicert.com, login.live.com, s-0005.s-msedge.net, config.officeapps.live.com, us.configsvc1.live.com.akadns.net, officeclient.microsoft.com, ecs.office.trafficmanager.net
                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                  • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                  • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                  • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                  • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                  • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                  • Report size getting too big, too many NtReadFile calls found.
                                                                                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                  • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                                  TimeTypeDescription
                                                                                                                                                  08:19:31API Interceptor122x Sleep call for process: splwow64.exe modified
                                                                                                                                                  No context
                                                                                                                                                  No context
                                                                                                                                                  No context
                                                                                                                                                  No context
                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                  C:\ProgramData\53F6.tmpRcqcps3y45.exeGet hashmaliciousLockBit ransomwareBrowse
                                                                                                                                                    LBB.exeGet hashmaliciousLockBit ransomwareBrowse
                                                                                                                                                      lockbit_unpacked.exeGet hashmaliciousLockBit ransomwareBrowse
                                                                                                                                                        maXk5kqpyK.exeGet hashmaliciousLockBit ransomwareBrowse
                                                                                                                                                          maXk5kqpyK.exeGet hashmaliciousLockBit ransomwareBrowse
                                                                                                                                                            abc.exeGet hashmaliciousLockBit ransomwareBrowse
                                                                                                                                                              55Seo_SeungJoon44.docxGet hashmaliciousLockBit ransomwareBrowse
                                                                                                                                                                55VpD64eOy.exeGet hashmaliciousLockBit ransomwareBrowse
                                                                                                                                                                  0rzZX3x868.docxGet hashmaliciousLockBit ransomwareBrowse
                                                                                                                                                                    cks.exeGet hashmaliciousLockBit ransomwareBrowse
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.606074832892311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pc+JHD5zTThjyS3NH5geDjxu7HsBOf7S10O3OGJEIfvm:Pc+tDtnhjySjQ7HsB5ymOHi+
                                                                                                                                                                      MD5:5FE0B60D703870BB3371BD4F7906C251
                                                                                                                                                                      SHA1:1EBEEFB9D9CDEC51017DE31C0719DDA872240A3D
                                                                                                                                                                      SHA-256:13D88F090232B64D28E7EA9ECCE3F203BE5AAFFA7AF2764561582816892888B9
                                                                                                                                                                      SHA-512:60621791CC1CE8CACB2E16E799E50078973592070B0C06EBDF48C7EDF98D6C07F6B7D39DFECA4FAA88A59F1D2E4474970A6B910395C43D3692FD27126C8FA692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.K..{.Z.7..a.0..'..f......lq...6C@..........X...7.w.;E..b..E;..T6.v.It.3^bI...k.}6..<..Y..MF........^.......j.uY....>..i+%.S.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.56541504608738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:sNIMutaQao/P80q1+cICobl0951qHS0uo+56FQ1D:sNCaoH+iCGi95SH9o6FM
                                                                                                                                                                      MD5:FA5D3CCB95727185BCCF6F0794ABF41D
                                                                                                                                                                      SHA1:97B543C2878FA9359667A0A345D7D109637F152E
                                                                                                                                                                      SHA-256:AC05399238159B16D553A373D784535B838F429C83609A139E12FDF981A0AD7A
                                                                                                                                                                      SHA-512:787EFD103D46741A30D82516DE8D89F5C95A95AB22C1E64603B13B7BC6DD99B9C45366A5F794E961A10A2D8595E31077A7DA58947DAC31CE0D6F9B7B00123133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.@X.....`....O...2.....?>......#.&.J..j.SP*c.f..&..o:..>.I~.U.x........[...x?.%K...+_h...^..%....._..7....^.".a..k..s..f
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129
                                                                                                                                                                      Entropy (8bit):6.501347894874275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:vRTsX4Ke55yfNO3dcEfmh2XKXY+Ud/m/0zrpc6aE:vRgoxs8dcEfmhBI3W2rpc6n
                                                                                                                                                                      MD5:0731D7CC528896E8DA2EE54BFF2DB151
                                                                                                                                                                      SHA1:0A48C524CEC2C21B157EC2EAF94077C7CB3C179C
                                                                                                                                                                      SHA-256:EE96D3FD7BF5BD86662100944912577D6A18420309308ADFA82E3B85605DE1E1
                                                                                                                                                                      SHA-512:CE6B43DFBEBCB29173960526347A5CE785C302F9B499133BE59BA1DC765D4F641AAAAC0EFC29EB0B50A696BF7AB376844346894D84D82B24A74D383F53E89842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....O.d.A....v+...;v....N......)..l..:.Y[.....VP....b_c.[y!....WF/..f7..l.c.......F..Sd..m...Z*)U!...>..\G...9y.&V......M..Q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):14336
                                                                                                                                                                      Entropy (8bit):7.4998500975364095
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:5cFP7VtpK4p+31Mzh79W5vM+ZyUgGq4BtMvAxXCRsi:A7Vf9p+qQ02y5HW6kX
                                                                                                                                                                      MD5:294E9F64CB1642DD89229FFF0592856B
                                                                                                                                                                      SHA1:97B148C27F3DA29BA7B18D6AEE8A0DB9102F47C9
                                                                                                                                                                      SHA-256:917E115CC403E29B4388E0D175CBFAC3E7E40CA1742299FBDB353847DB2DE7C2
                                                                                                                                                                      SHA-512:B87D531890BF1577B9B4AF41DDDB2CDBBFA164CF197BD5987DF3A3075983645A3ACBA443E289B7BFD338422978A104F55298FBFE346872DE0895BDE44ADC89CF
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 83%
                                                                                                                                                                      • Antivirus: Virustotal, Detection: 83%, Browse
                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                      • Filename: Rcqcps3y45.exe, Detection: malicious, Browse
                                                                                                                                                                      • Filename: LBB.exe, Detection: malicious, Browse
                                                                                                                                                                      • Filename: lockbit_unpacked.exe, Detection: malicious, Browse
                                                                                                                                                                      • Filename: maXk5kqpyK.exe, Detection: malicious, Browse
                                                                                                                                                                      • Filename: maXk5kqpyK.exe, Detection: malicious, Browse
                                                                                                                                                                      • Filename: abc.exe, Detection: malicious, Browse
                                                                                                                                                                      • Filename: 55Seo_SeungJoon44.docx, Detection: malicious, Browse
                                                                                                                                                                      • Filename: 55VpD64eOy.exe, Detection: malicious, Browse
                                                                                                                                                                      • Filename: 0rzZX3x868.docx, Detection: malicious, Browse
                                                                                                                                                                      • Filename: cks.exe, Detection: malicious, Browse
                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....YPb.................,...........9.......@....@..........................p.......................@......................A..P....`...............................@......................`@.......................@..`............................text....*.......,.................. ..`.rdata.......@.......0..............@..@.data...`....P.......4..............@....rsrc........`.......6..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:PC bitmap, Windows 3.x format, 1280 x 1024 x 16, image size 2621440, cbSize 2621494, bits offset 54
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2621494
                                                                                                                                                                      Entropy (8bit):0.20179193598183706
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:GKm71jTv37T1BNrdVRd3fF3bdJf7vhpnzBxD1fJ/tBfJvTLtFFdF9tlFNtnvDdF1:2
                                                                                                                                                                      MD5:3EDADDED05C2D5DDD4E97BCD94A651F6
                                                                                                                                                                      SHA1:5F8EBB406D9DDAB30CD3AF911881C8B7F081E8AA
                                                                                                                                                                      SHA-256:4D78B315481095EEB5E9E89C1D81AA8A8EA737EEB3A307C92530199C0A8C311D
                                                                                                                                                                      SHA-512:FD8E10F8635E12FB343F227365E450FE3D3A1BD648D90B9ED56D80C1D2A25A5CB17562D11413A59D4008DC6ACD0312418348F2D5EC50AD26E3E53E046965C2BD
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:BM6.(.....6...(.....................(...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):15086
                                                                                                                                                                      Entropy (8bit):4.262047636092361
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:jpBaAlHSa2vU9G/8MMBD7O1lXFMB8VMJP7:jpjmkMYD7IFMRx7
                                                                                                                                                                      MD5:88D9337C4C9CFE2D9AFF8A2C718EC76B
                                                                                                                                                                      SHA1:CE9F87183A1148816A1F777BA60A08EF5CA0D203
                                                                                                                                                                      SHA-256:95E059EF72686460884B9AEA5C292C22917F75D56FE737D43BE440F82034F438
                                                                                                                                                                      SHA-512:ABAFEA8CA4E85F47BEFB5AA3EFEE9EEE699EA87786FAFF39EE712AE498438D19A06BB31289643B620CB8203555EA4E2B546EF2F10D3F0087733BC0CEACCBEAFD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......%............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:COM executable for DOS
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):239
                                                                                                                                                                      Entropy (8bit):7.130665134195757
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:pdNu2kJ76b8DhRN60ug1Y9TMPgrePEXucXgoXnLYgko2WEKqFCKZRQeEClVMn:zNrk164vN6aY9APgaPEXTXganioTE5Ad
                                                                                                                                                                      MD5:5F3779758EA2BB3A9B6F1715BBF84CB6
                                                                                                                                                                      SHA1:8BCB86CB3D413B1700342CDF6455A35ACBFCA734
                                                                                                                                                                      SHA-256:EA49A33F44FE3CA7C4789CAAE281189B4BF18451C5809D5F316AB37F4BDEC66B
                                                                                                                                                                      SHA-512:61A4AB596409DCCEEA913C6281182CF667E7E6CEA0133D58328A5AF5C4C01BA39DEFB5CF9E8957201421F9869CE04E85B8BC33D333CD0E1459E523C285A1367B
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.y....mG.,.*.....1..^U....+5.;.../~..qw..!@.i.....(}....)k....A.B......!. v...kG.....!.:..E....4[".O*a.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):248
                                                                                                                                                                      Entropy (8bit):7.094125822550227
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:754+crSxZbnoSaaug0mgoXnLYgko2WEKqFCKZRQeEClVMn:eaxZboguwganioTE5ActLlVM
                                                                                                                                                                      MD5:D8AF8168CEAC24F5E6B84863EB08D78C
                                                                                                                                                                      SHA1:4569D85D5A2DF351DFF33C55BBE6BF9AAFD22D26
                                                                                                                                                                      SHA-256:77AC0E08F0E371212D279107363F5FB82D3D42C4379B53EC35D3DAFA4FF2A92B
                                                                                                                                                                      SHA-512:A4ACAC1E4C69A635D287D5EE80AD44073DCF01006F4BD1DF5F964520621DC66920456FD395D50D8CD365C68672F49940DC0CAAFD17951736D6972C3669929331
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......0.\C.7o..D*......G.D6[h^U....yg.;...,~..rw.t.wn..,.*.....%........7.W.Q.!..:..F.K..<?.m...p.,.....Z....Ev.b.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):45286
                                                                                                                                                                      Entropy (8bit):7.995641309364599
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:Px/nkZEJ9XjyAmep3WW8tLjV0lCYtjH7OMR3Gol/yWyKBwrK+dLTbYkdgy+q:PukjLmepmW8ttWjbOkGu6qOK+dLTckd7
                                                                                                                                                                      MD5:B00A5D2F7CD44C28236A904B5CC0A779
                                                                                                                                                                      SHA1:33643726D3AF787AD9953CEA748587D70BEDD569
                                                                                                                                                                      SHA-256:C7A7A670B09482166ABA9C402D05E75B75945EBF3BDA2F977D5B7BF8A48E5CC2
                                                                                                                                                                      SHA-512:452409BF59B514D173FE1054891D7AAA65AAA6913BAC799C8FD5BDD795198B79794078DF8BDF4487ECB8F7586B4ABD5C05A2B825EE454B48F4F2067357F36F94
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.wm...P...4.^x..6.`NW...).j.1a.~...v...TI9.}."..F.o.D..3u...yYQ...z.WS.f.H.J..St$-......{Q.o6.l.-.}..q...m...c.0...|.t."..w..;Pd.M%.....$...H.....I-|U...fo..a.s8.`...9$...............MxO...]o{l..%..g........3.>.V......e..`T.P0.:v.......b..=.....r.....}.y.7.~..).H.;...D.nQ....Vl8i..^D..$`L.Y?..wmchHdD........e..`;r.[.SK...y....eQf.Q.....^.ts`.......)R.E+w..`t.}0..Q*.u=F.@..}~..q.s..4...hX.d....{....W<..."e...PO.....;.lA......y..Y....lX..r......+....!".N.......#......W[8.<.\...[.>.....3.....V....ZD.e..8.:*......a......AWq..G...H.7.8lF.u..4.>.~@j....U.].v..............^..!. <..'_|....SI.......-.d...y|..w>.tL..6X}o..gJ !l...30.7}"./.:G'|.b.i. .jx..l%Rq,..g.::.#..D.....T\..L.....n..k....m.....o..L.&..F......+....)Z.X.EM-.y.........=..0oD...@.n(..T*.a.....r....{+..t.3.....B!..`...i.M@.._...`.'....:.......K.B.....?..c{.C......!.7..lDI..@d.Z...t.2..9O/.<].Y.......@.K}..4..F....$..:...7.<Yj.W..$iw.$..JcM......~:4.[0...g.s..?u%p...P".........Vcy=.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):270566
                                                                                                                                                                      Entropy (8bit):7.999308689560527
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:VuT2nA9D3wFjFeL5yrHxNxCihFgeioH7A1ZQ724Zyn2:Va2ANRL5ybYobAJAN
                                                                                                                                                                      MD5:3F6CC356AA0D0BED03FE8C9D270CCAE0
                                                                                                                                                                      SHA1:088E55A7D0C7D3F91E729D873E19963E05B14B12
                                                                                                                                                                      SHA-256:E04E2E71DF91E9F3401CE3501760C9C323C47CDCF07A59A02A11B634E82288E3
                                                                                                                                                                      SHA-512:A46B51EB224E915D7D25E39CAEEE129C41E50A6DFCB2D1135FD8B3E9D06F9ADFBB9575B3373F2BB8534185BE613A93F1D6FD5C3E2632D2A2A8FCFB4562DEFAD7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:bzAi...D... .EA..*|a.^h..]QN..u.........k...=b.v..q.9.\W.....-UNS._..66.Rrb.......pL.h.u...B~m..'v...G.b..T..3.....+...*8|.1.^.M.5..+-w....N0P.Ry.s*......;.D...^.F...\.9.+.....j.u.#]..K..a.#...w...O....}...L....|x...4...i........G.nP).<..f.......+.#.p9....'h.=?x.%A^y.T.V...../..$....7)......}.~.5h%C...oX.R.\Z(]....p......@y.7@.b.P.W0.2.yb..[........G..%U.............dQB..f......P...a......q.Us.p..]9IM+.....qq0j..y...%......K..D.z.d......Jf.P...X.......]OE.;.1.."...}..cG.PL.8Y.[...O....r.$2/._..Kq....3......VW.4.3n...\.k[...MU.....L).-o...{..;....u..pf...)v.j5..}..&u.....Ub.+?.V...&..ncWt..cP.|.|...G):...?Rf...6..Y.K..O...'..-d@.8.K..e.-[.l....R .C.Ny-.u.hE.}.5..Q']fK..j.:...60h?....f.......*........D9.R.\.N.g..T.....>....N.l>..w.N..b..I.P#..6....Sk"G.W....X..~..6|=j...6......3...SI.........E..A.....9e...p....d.q..gL.cmMj{.....x..r.U.j.s.....M.2_. L...p4.|&......b.F.Nx...~.6....Q.[T..*..i_.qo..[+..h..#._...2S....*..E..]..-...{...5..c.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1056998
                                                                                                                                                                      Entropy (8bit):4.951693632440137
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:gEap0NNDHdvtENvsItD7FBziGcX+AlfOksW:w0DsJsG1g+AlfrH
                                                                                                                                                                      MD5:825F96B288A4D6D774941CB31C7FA39A
                                                                                                                                                                      SHA1:044C9D4614D8359422600EFA9A63EB153020C2C1
                                                                                                                                                                      SHA-256:11899B003CC49180B320D298C4D7875019F582BFE4A2E59D3E4D6EA75ECA7073
                                                                                                                                                                      SHA-512:A8A16B7E34DD1113BD67972999E75E8174AEC72E03B9418A6F06AE56EB1506023EEE5DC14AAD1C31220444C4E716AF8C770BF7070819261804FD7AAD16F8D83F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:?d.xA~..."5..Bv6/A9..ja....M'.Q<...lt.h....~P. -..R.#.....0.D....P..|$.ba..|..1j....B.....-../=$..C}..S../vd....C..t.....He.<I..9..ybP...eR.u.~..k.......bo..N.Q. ....l....mg.?.1j...=.s......ps.+|iM.zYq..$..k.}8-.P...j>......l!J....X+.xO...Xg..z..Fu..S.....s..B.|.!.K|!.I.........v.'.Y.CS.=.1..L..^.....Tp}..q.0....s.Y..p[W3Vm......a.ab.O.M(.Tx.8..&l80....Y.Z.7......q.....)......(n$..n..}..Q.."......vL...C.&r...l~........R.SZ..qL..5..M.G.../...h..1.q.+.g....^E.'.dY|^$%T.GXI..()..:0d.`.0..4w...0...i.G..'.....Y..C.:.J.oPy.$.d...SC+.ym.Y2.@.3..g(.]...l......./ 4W.-4..Xd..!.yr{].u.&.Xv...i/.#V.;..(s....l....B.V...a...\0QL.a...?._.v%. T.S...7.2...q.<-.B.*.f.8...`...[...G}B......=......^...a~v....E:U.....Bb...!.08%'..e...<.8D..j./..f?...z..e^:..S.qG.V....J...T@..s2.e..P./..a.A..u.......yZ..._...<2o.... m.L...}...p.....8zx.C..!.h.b.e~.m..`n.L.<A!..JMdY...:.%.Oo$.m4..([^.6J3.R...E..KM././......B....,<............D....8...q.....5..g.FM>}`f.i.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4202726
                                                                                                                                                                      Entropy (8bit):1.5353400215932291
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:4sWPIlWlkqaSo4RIlRUZ/GxCHML2rxfjYuEJhK/QoXO:4nPwWBaSo4mDCsC5jYDJhKIoXO
                                                                                                                                                                      MD5:E55C0C837C76859D354CBE55217A5016
                                                                                                                                                                      SHA1:31F0395AC7D9A0F6D67EACFF17F58DDCC7BD0573
                                                                                                                                                                      SHA-256:7E706723D8B6FC10D2CF95600455720BEC13D597A2216F3FA2A7C8E32D5456F8
                                                                                                                                                                      SHA-512:E929CA7986DE253A954B1C53F9CD8D28C65DAEFE3C18DD54FBC6D36FE621CD7558C3C16670985BC8B821B38933AFB3B4BFB83220575261921279F9F0639093D9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:x..s..;^..9-,..~..4.-I.M....K...>..S.....m.q..v..T.X.."&:.*.On.`.&W...p.@]..BZ%/..x...B....I.f.(..9...}Tp..u.>:....ktM.u.*dS.N.q..V:z.F...N...c..>Sn.....S..G.#$...A..W.MH......i..h...F.`..........h....?.L.....vK..C..t.B.........]V.,.rC.$%..[..q.o_..F......xEU....M2&..zF ....9....xD {..G.x.QN..^.o.z.4a._.{z.a.|.2.W.:..b.l..9h....{....k.5fRT.....l......@..w]..HP..?c.c.n...^.|-.|.H..mk"..M.enE.MB.o@.`n.9)G.P.......h.M....7p...S\..|!g....6jGW.....M"....v...*.\..tC..#...d.....;.i....f...k.:.".Z...........U....57.'mf.}Hs.fC.4......If.>..}.:.h..M.D.(M....'.UxUmkp}.......t.G.T.....:.B..?6....N`*).~.z.W.6B....W..H...M.5.@j.:_.]N.I..^.D3..R/S.BX..d.N.C.`....~`......w.Z.......N......j.Xm..]+....[.-9..j>.^.....w......*....\9y.1,.~Lu.x.&`.../P.Z..hD..!p...7...S"-v.O4..E|Wc..V.w;:.]Z)..`.......L.I..]n..v..+]5..S.[......r5.']...M_.o...#B.L...`....C...;;.Z.+.W.{qhQ....x..'..b......b.@..%..&.9....$x.@....\.......vtD.#M..Qx..{.........y....y.d
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):524885
                                                                                                                                                                      Entropy (8bit):7.99958305488626
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:12288:NrY8t4z5wW+p0TwGajZcm/i3mxx6SgeiLxA/OrS1wPe:68t4KpAwFjCWxx61eiLeWSz
                                                                                                                                                                      MD5:92D0D83E9C3C19A5A02BF39094F48F37
                                                                                                                                                                      SHA1:7DD0250D55E530EA725BC22550BB3E35D22A4442
                                                                                                                                                                      SHA-256:B44D8D809E67A909B8024D8F7D3D4A623EFBA2B5DBCC38DDF986F0770DD5F81B
                                                                                                                                                                      SHA-512:DE016006ABEAC040C3B3384379EF87B85B9C77844026F4B7216F575A576CA0E3D0AEED127944389576D9C4B521FA86B56037685F74B6F3184BAFD1BD2DF111D8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:g...#T..{.P*....;.,..KZPP...6s._........\...+...R&...w.4...R]..;Z.H..{...v../.e.|.D.-S...^..i.2...wx.'..(..G...Xy._.~'..i...PL.."G.).T.syS\...H...k...2.$.f...,.6..U.=.kD..Y..+..*..|..+j......5#W7..&.\.W..o...lrR..{.Wf.?o...,..T........G...d..ww.......*.my.#.."QMZ..sj.......Kg^KI!...ra...~..XSD..h...n.=z[,.>)G"..R..p..`...?v.(.b.>..O...{..=..c.....M.nv....-5..f/.e@.....(.,...M&.."N...d3..\..#..?D9.f.SfA.K.!$...V}[........s.7J.[I..z....*.I(...E..G.XVv....2..#0..(.....\}.5b..)..M.R.C.z.1.aW...IP.G...e.:.h..c.3...3.h....V..h.....+.i..E`........u..{..7qf.-_..|...._@}.t3MZY....,J.,.`.Vc.\.y6.......-_.s...z....4E.....|o.HT..U.[..o.I.i..\..0...q....+.$..V.|..?.@..s. ..!...;....[..6.ae.}J......\..7...gv<."3........,.^...?].c.9/ @..r.......9F..'l.`...oRm.....`n...t....a.20/..V....v3..&v.S-.. K>7..K.fI.sC.K{..x`:......I.9Y..u-..n..2.{.Y*....[....Si.{..{..Dtc4bN..U0]..b.Fi.j..../.o.).^.....Y#.d.h..".$...WN..+.X..C....Yr.q..(..2........a|.3u.......i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):458
                                                                                                                                                                      Entropy (8bit):7.532909459546654
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:cYNf3y0cOeuZIC6fhvsfvxktE8aEgaSrganioTE5ActLlVM:cYNaxtC2vsfviAELloSttpVM
                                                                                                                                                                      MD5:897039FC769ECA284403E8C7050060C0
                                                                                                                                                                      SHA1:2A1AAA7B8C8A7DF6F372B30AE3ADFDFBFB13B02E
                                                                                                                                                                      SHA-256:49996EEAA02508D4117D427697ECF866E1F0BDC5C6E450DD51412BC8157CD8F8
                                                                                                                                                                      SHA-512:8CD0A5DD2DA2EE3452C2FB3667C5DCE1F8741B7CEDB5A347BD4DF66B9FA20726ED4F5E7CF585FB688AA1AEF2DC3ED57B9B9E1D73C4B4D72EC98B98C9310318C4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:|..0(...;"nlN.>....b...T.X.8U.Y....mN..R.....b.......mw(.&.....W~.7u....c.4.c.8.}..A.Q..#.....w...K.. f_.r...sgd......PN,..z......<...H....Q>6k_.-.....[&...u.q...8..H......O..T!l.)Va6.<..x.B.}$.`.8Y.z.l......~X7..$.T(_8.._!q.sw.U`".b(;8......5.vA!]V....<DF..4.!.f...:..jT.B-..5F."."7...Ok........6..3Z...s.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):466
                                                                                                                                                                      Entropy (8bit):7.554421170394702
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:IWH+28jM+VXoJzG+sYGXNJFyr69k9H7ganioTE5ActLlVM:V+1+Ji+sYCN3yr6TloSttpVM
                                                                                                                                                                      MD5:BE14B5F3B9F06162C130133C94012312
                                                                                                                                                                      SHA1:5C467752369EFE27B7155D7D444B75AA380ECCDA
                                                                                                                                                                      SHA-256:179D6F6C459EE6AEEE7635BDF1BBB19ADAAAEAE467BDE0B94F153B2331A2EA5D
                                                                                                                                                                      SHA-512:20B0782E91B546F12052B4E1ABBD30EC93F3DF3C277BCDD5B757247E7E2A43C1A28487439F15376F5AD0B635550679856D78587CC680284B7FCFCBACD9FC63ED
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.xF... !../...O}..\......v....{@..!}Hr..s..J?7..n..dC....2.].z.Z.....m4Dz.6A.......s..u?I..........E.":...e.....L"..y..|..@ir.!...%>.....13..}.../..wt+.zu...ZR.S.(.U..\C........(.0..c5.......\"U..(...y.`....4Y.x.i...?2..@m...K3.>...k|..ow.t2".0(;;.........R)w.^..*w.3.K...V-A...?L..#>&.....v.U.Q...A...^........`.p.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):420
                                                                                                                                                                      Entropy (8bit):7.482721315568326
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:QDUyUJCsbA0Y88WhfwF1caRDeofN/CganioTE5ActLlVM:QDU7JCss0YWJScs9loSttpVM
                                                                                                                                                                      MD5:F356422D864D2881FBD68F0AFFFB3532
                                                                                                                                                                      SHA1:574A154A8262CADDB9082FC49108E468253AD7B2
                                                                                                                                                                      SHA-256:E1FF834B3786A3F86B9D099959C337D9B98124F405D106C562CD45213E44BD66
                                                                                                                                                                      SHA-512:50AA32D82FFAD66351A5B46DD67EAAE0AB461CD818FA758B76540031B2365DD3DD7FD51ED99EE68EB037B10BC78BB31084291BE8E13803550CF590556E5BF416
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.y(..ep."....<...8..yvU...p.|Q.B.C.EwM...c.Ba...,mw.}...7.E...r "..e+VQ@]C.B..W..1...Q........x>.....1..t....x........cu...$S;|K.`...U..P?..IpsP.....#s.<......L....Y.x.g...Hm5..Yf...nK .....5~..#w.t`".0(;;..g-.....,...S.[..M....!.B..lkK....O...B.....A....D...co.0.B.qjl.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):498
                                                                                                                                                                      Entropy (8bit):7.603138826051742
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:IQUmWc5/emBIg4I9gH2l7sHhlganioTE5ActLlVM:Kc5hIgjuWpO6loSttpVM
                                                                                                                                                                      MD5:C5D015943DEDCBE89178D20890286A6F
                                                                                                                                                                      SHA1:7BBB791B2EA2E44123440AEEB6B7DD1C499D133E
                                                                                                                                                                      SHA-256:52529B7E969190214D427B47782651BCB30023141514685BAB84D5DAC037D8F4
                                                                                                                                                                      SHA-512:E483C6224689A6DBA3660A7465AFA0CC8466D2F89E609BF00FAB24D4678E52067DF2810871CEDBB642F225C0866496C0101DE6DF73F16E4B0F3C4803811467AD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....Q.P.O.o.}...d...*U.......c..A....9.#..4..c.>{a......../.....7'Z.k..^&==......X.,A....Z..X..O._.,,.$p...H.|....i..f.=.=..3M4.....Xv.Z:8...#+...].k....\......T2..+:.lu].\.&....>......g...Y....>..A..i;....e.e..NJz.........3n ...1.vNR.;.Y.v.Z}.f.h6<.=\.*..AS.....p...w&t`".0(;8......5......|"I.M.......b.^?&.....W..r.:.T...6.!K...{}...'.q+#...i.9<r.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):445
                                                                                                                                                                      Entropy (8bit):7.504935115814692
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:yRGv0GQ4Y7Hw5xHeN1xLjLZFMDilganioTE5ActLlVM:ygv0wzxHedZFCi6loSttpVM
                                                                                                                                                                      MD5:FCD6EFA5A6EC0FD6B3EE0E6130854CBE
                                                                                                                                                                      SHA1:DA8BF684C5B95F2F1FB856B14F1995CACCFA81DD
                                                                                                                                                                      SHA-256:ECC5313A25707309B5692C421C4CB8CB35BF20ACDAD96B0971AB15AFE06489B1
                                                                                                                                                                      SHA-512:0290097FF357B1125EA15BC669F40EBEFDEE154C986FDED0804471883A5BCD64775602A0E56D886136A3CB96CB497D70B69FDBDB4CC7A39B74A936A0B9873103
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.9.J.....l........b[...j..^...l._.....F..$.....~.P.%.....?.Ks.q..Rd....b...O.....e..........x.s.....Qp.....B.......J....w..)..x...y1....w@O".\..9Y.A}.kM.^.<......U..l.".^....Y...h.....\.G.D......\..I":..qh.t`p.0(;8................J.X;.y..".+g......./..?`wnm...7...*...W7$o.;).In.p.jq.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):442
                                                                                                                                                                      Entropy (8bit):7.5266946837065385
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:70Swozql2oJeFttWWmetHpganioTE5ActLlVM:Wy41VuuloSttpVM
                                                                                                                                                                      MD5:937405F27ABBCF05853E0706D382A35C
                                                                                                                                                                      SHA1:BB113F3BD4D677818CBF3AC102CEB86094BB56AD
                                                                                                                                                                      SHA-256:7EC73CAFFFA1528B6B6256B7212587C9D112DD460EF957BCC53B01093D7E3F96
                                                                                                                                                                      SHA-512:4DE1F858AB7E45761804A425257F060043307DC96FEAE1A8562C611E315C68E94F9B47241B7C6D8C2731586F2680AB7345D1D35FF8E2724F30755B470C8D1E04
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.y...O...G:....b..#'.....V...D~.T...-.[5..<..a%........'-....o...3.Uy....k..uh..R..W.....+.v.. \9I..1.&|..f.bh.....8.)k.... 1\9.d.sp.1..1,2.$sz..Z.9.....n.... .6.........v.....P.\z....B.+.IK..Y.-..M.....nK?c...H...z..2|..ow.t2".0(;;......\.H.C.....\......DXaO:.q..1.q1.-h...g.....&K.f.~.P/.....2...*.p.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:executable (RISC System/6000 V3.1) or obj module
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):461
                                                                                                                                                                      Entropy (8bit):7.476266253211314
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:JtPC9DAHMcTuOkwzo7O/uwbrEwganioTE5ActLlVM:Jl1McTf9sVloSttpVM
                                                                                                                                                                      MD5:117A657AC468940CEF82016DF1693925
                                                                                                                                                                      SHA1:41B1C0BE71582349275B394BD88076DBDD577D0D
                                                                                                                                                                      SHA-256:5EA48666F6D54F91A7B7C00FD7DF978A440F617E14FDAC54EC3603AE4B107C40
                                                                                                                                                                      SHA-512:B0E62C933FE7123E9B5E848B0FBEE8019A22886E54A156E51D4C0822AC4037B3EE1658EB82D93B29FCC7ECEBBDBB675E19E85BA22E1C35BDBF2B766E7BDC6F5A
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:...<.Q/0..[.@T....7e..@kR.\.M...z.Y... .8. .....T...8I-..Y..< K..<B.}.x_!.._B.Za\..........z........q..+.|.U...{...C..'..&....[C.@I.k.T......Mz.b.J:q&#.......}vpZ:G.....e.9Z..7}......s...6C.c...A..[Y.).m...7...J@1....*'.... pK.cqh.t`p.0(;8......|.D~..EA...N.?.g].-.3`s+.,.h.J-G@...V\$ST......x .HVX..,.y...q.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:DOS executable (COM)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):467
                                                                                                                                                                      Entropy (8bit):7.5276600054591
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:V6Ws81fuGY6F5CX08NBkKE0MmganioTE5ActLlVM:Ls6uGYWqJNBv9MXloSttpVM
                                                                                                                                                                      MD5:7E846350AF3C85F0B60224944CADB055
                                                                                                                                                                      SHA1:8B4F39DBEFC59219428F2FA12237CE8AFC3C3001
                                                                                                                                                                      SHA-256:42F2F04A72105E9953E1C5A79A3B58305A6083BD6E6E5ACE25980C72C736205D
                                                                                                                                                                      SHA-512:A3D870BBC170126AFB55CE8EF98074E17E1CF01587BA58F85E0407469B92ADAB7B1EE3E1FD306F38EAF3590B1C51B17B20FD2719699EF97774618A3B049F29D6
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.7}...d~.....B....>.Z...'..[..,......HA^R.R6s.5..Z9..L/.G....&..?.|.-h..i.!.d.N.[......pM>Y..E.T.........Y.?...3....{. ....m..y..`m...x.."ds..^.7Mv.c.;_.......Az.?.....3.........O.4..I$.>.=.P.#..7....}3[.|.o....^.~o\.......2..{pC.#qh.t`p.0(;8......Xm.....a..1:|h[...{..J.QO.Q.ub.....I..k.._.TP...%.LBO.2"..fq.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):461
                                                                                                                                                                      Entropy (8bit):7.580659193200818
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:YS7YCyTQQbk2gJLIT2Pp+Ma3nkHSU7SA4xganioTE5ActLlVM:YS7T6Qr2gRIT2PUMa0yUGAVloSttpVM
                                                                                                                                                                      MD5:70F3E5DFC64ECEFB39D977A43DF57D72
                                                                                                                                                                      SHA1:669207466AFA6FA0AB0744DEE951156537243DF6
                                                                                                                                                                      SHA-256:78DB5CAE056A23CB1CAEF3C2DE12C2231106FCF5535345DFFAF46DAE23F58228
                                                                                                                                                                      SHA-512:1E15A75ADC75787005745B214A14A7E187E4937AF3610F9FDE5B6471D17C3C7A514A1DB3015B9B00F0C5188C256342BA3306608FDD8F790F2384052E9AA0BB32
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.:\..|D..k.SO...`H......<.....Hu{b1..9...Xv.v....o.......,.W...'..h...Ev9......C^.`m8.n..........*|.a......+.W...$..../.~.!".2X.j..N...T.7....+..?.......mo.j...P......:.4..7^.N.\.CX_............).n.[.x.f......f>[....K$u...u.!...w&t`".0(;8......5K..B........I.{'V. .1.1<Y.i.......~%......S...g-t2......G4B..r.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):469
                                                                                                                                                                      Entropy (8bit):7.5333409889221725
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:eBsbycbaqnYtG3EaUI+f0Fer2cYOUbganioTE5ActLlVM:e4brAG0aUfMciBVEloSttpVM
                                                                                                                                                                      MD5:77952FC274A462E0232FC6F9FB0C2B60
                                                                                                                                                                      SHA1:A040A233DF43E34159933DA43F2A25899C021D2B
                                                                                                                                                                      SHA-256:A659F6809006E50D2BFA64AFBB3CC534265A1D1B1FF0B2BB1AE714A506C511F6
                                                                                                                                                                      SHA-512:B1754F7B5D5E4833178F0D9C0D1DD97A9F03B7FAA88D60CFA75278CB46A8FDAB9F25FAF1253A0EE378205742B7DA914843A99F9B4EB30F4E11057290BFEDD6EA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:G..g..x.-}2mz...P.......0p...{..3l...D...y2J.(.,......b.......#.<..%...r:(...ym.D.p.t.'0.h..c._.....3Ume'....d(?.h...3..f..d..D........Ign.GX.....Q...I.H......OU.!X.C..Q...!...T.I.`..[.........c>...P..1[.x.;.....5.F.P........I.N,..w&t`".0(;8......5...<.2./..l..37..?..3....).t7.)....E0........wj.*.q..n..r.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):460
                                                                                                                                                                      Entropy (8bit):7.57381014135325
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:mkwQv/cD9O2wo4NsrtiKpZCqsFaPBvGUCRV8g464cXgoXnLYgko2WEKqFCKZRQew:WXRwocshDUaRH6RXganioTE5ActLlVM
                                                                                                                                                                      MD5:CB3FE11CD52012572064B43B67206992
                                                                                                                                                                      SHA1:84652FBDC236956E0BF20AFE26896335CCBFD6C8
                                                                                                                                                                      SHA-256:C7CA1325A8764F9240D749A5C90EE446DE64A4323416992A9E276B88B349ED7D
                                                                                                                                                                      SHA-512:D28FD47F6B35064C2D3FC2D25CADD73CAAAC579B9C4C6112AD9A7CF244E55C9D60C6A134ED6D0C9C4F13B3EC47B3C2706E7B175F7691E4CE8D299EF464DF429F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:n:...'....b).>J.....6..M.$... .2I/.A...2-.8:T..1...du...r...S.e.....`.<....!.q..dfz5.Z...P..`.kT....b.J~.z...5.......6rZ7.K.<..!=..b..q./.:..^....m-U...H.m.x%..n.e..x.......n...!.M.&.h.Q.q.}#t}...y#[.w.;...(H:.|f....A........cqh.t`p.0(;8...........(.Q....k.o...t6W.I.2.~.........i7.F.1...!A...?.>...b..q.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):432
                                                                                                                                                                      Entropy (8bit):7.520384964090907
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:RHpY58Y3qk7SC9cxyh8/w9XganioTE5ActLlVM:RHpYXWCgyh8/FloSttpVM
                                                                                                                                                                      MD5:5196AD6A1910396BDFA18EBF2265AF3B
                                                                                                                                                                      SHA1:00B7B60F2A834DBB8C1BAB768FC6C64BCC47B37B
                                                                                                                                                                      SHA-256:057F3048E5AE07A1789FEF0D9A8D344866F5D569538C57D53092113C769FF0D3
                                                                                                                                                                      SHA-512:FEC2F6BAC44705F789756BDFD4A5CB9086965D28052D09E34DF7DDB654DBD31E272F104092865AF302F99E330637977876D1AA301DE093814A5198C31C1B47E1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.0(-....0..z.t`....G\.>.&..0...).o..O..w.L*......... .0`s..W._FL..."\.m....!..;.W_..I..;.....O.-.6.....i\.x...w...t.J.;.P./.(5lF(.m...l^.M.`p.u....G.....^......8..m.....f....[...k.X...^.Be........*.p..%s..U`".b(;8......5...{..@d$C...4$.vf...............X..,..k:..`r..7.$J.Kz....*j.>.s.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):487
                                                                                                                                                                      Entropy (8bit):7.621209553648988
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:n7ZZg02ODnZTdiVFgxANZS/OklWfmganioTE5ActLlVM:7kzgnZEvgx0WOBXloSttpVM
                                                                                                                                                                      MD5:D761C8D9E4E4D79881DC77FA1370674E
                                                                                                                                                                      SHA1:DAF1274B12ED2B64024556523AEB0661945A47EF
                                                                                                                                                                      SHA-256:920E9FA4F4FC03E152415A6383B0B80216178BCF78A61BC9435BE7BAF903D294
                                                                                                                                                                      SHA-512:98B48CD03E5F225594F9C263ADEF97C1E925422A9376F7CF231F18E0C8F63B21365D21FBE678EDDA86451B608581F90860847800D7D029F85929A97919B6A708
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..VM..F..b)O...Cu~j.....,.&..].v.l5.}..T.:.Z...(!.t...BNXI.7.V.Q.Y+s\..2..I..e...5.....g.....\...9Sv.;..Y.Y.:....S.*az..{.C......:.MH<...(.bW..s...u{Wc.T...;.q..R.gP.&5..3%...+Em..).....L-....o.6.... w.n.F.fp.?{..lAS.o.f...bP..3.I..i[.+..M......vdI....,.6...pG.qh.t`p.0(;8........H.%6....2y.......cE.~...T..g_!....'......uQ.....W.........0q.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):469
                                                                                                                                                                      Entropy (8bit):7.588323932613938
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:TYiEDtIf0lC+wKH3bAHrganioTE5ActLlVM:TYpSfcC0H3bAUloSttpVM
                                                                                                                                                                      MD5:2997EA6A6B2B878CC0A839679A93C296
                                                                                                                                                                      SHA1:C60B7FDABF2EB38EBBFE4FD68E911F3B46AA7011
                                                                                                                                                                      SHA-256:88FE76060A69279C77BB2244D1E4E125B190A0800CAD61479C14A77998DC78B7
                                                                                                                                                                      SHA-512:10611126B3DB51B3BEFBC4EFA202F01E391DD45ABF3BE4AB67CEBB096BD90E72316DDD2C9E786BC570056917C0810A665FE642D42D57534A9F411B372A233F64
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:I'N]..=qD...c...v...up.N7i...F..I...pO........o.>yn.c.,m.S...9..Q...tU...\......$....=...=.}..W.g.D.H/l.........=H/.8C59j.rbSC&WF!.....|.....b.@;r.C{.>...I...&.)[.......}[....f@'.kE.x...Y.BGFN........}n.s..}v..na..TZ.~.9.......z?[.....,.... .!..sw&t`".0(;8......5......@_..X.....n..L.....D.~^..5.{(._..E.B...@..]}.....k..,#r.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):479
                                                                                                                                                                      Entropy (8bit):7.598584516052632
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:EywMCzRefWRBAVJ63aIWY7vtcozCb2py7ganioTE5ActLlVM:DLC9efWWJ63s12kkloSttpVM
                                                                                                                                                                      MD5:12B2750670FFCE49AD653EE404703DE9
                                                                                                                                                                      SHA1:8BD392B1CF429F2CA22FE8E1865A1830DD2D134B
                                                                                                                                                                      SHA-256:41A4CEAF771C1C5BB8545C6ACD78FB17A2ABB5120FCE12F3D0FCC69950787AEF
                                                                                                                                                                      SHA-512:EA562CE508B266DBA82F1E7ECB4E2FA29746A571DE1727DADFA5B82CBFC214049870B141182DAB8B90728D9232CD98DE7602F4FFB2DADC0569591D2DA729F292
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:D.sH.:-...X...5;..Q.*.......bZ.n".t...6..{W+...>..f..P.?....U'.[|.....tI.WT<..G!....}.f.....*..,.U...*c..!$..H.....l3..D...Dg".W.E.........h.|....D.2.I.m....r....6..m...<N;.b...(...^..?._v..>.-..X.6."...A.3..nQ=.g...).G..].|.n....#(8w.f...wj...../e..q%.t`".3(;8........../...7{......qE.!...E0.o}.@vG.L3.....>.#...5...:.|s..m.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):431
                                                                                                                                                                      Entropy (8bit):7.538704320215795
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:RPQVVPP7j4w07xPZZqCtmWeX/fl3umKPAFganioTE5ActLlVM:Re/4HXZBmW2lemKPxloSttpVM
                                                                                                                                                                      MD5:A926B56B981129CDE28AC38A95FDC7C3
                                                                                                                                                                      SHA1:1BE21183515365ADB63F0B1BF3251CD67AD84225
                                                                                                                                                                      SHA-256:F312973BC8C2CC5FCFA5D34FAE2941FBD1E86E8CE431797B08D2C5C4DC8FDE18
                                                                                                                                                                      SHA-512:6DF4B14D91AACD37F9709F91AD397C336ED57146C5C501D34613755E424F5C4AA33D21A00230811CA15DE2CA46198AC342ED2CDF6DB953AAC0E9E121420DF314
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.%..8-x)..^.+..*.d.z.C+.L..`.'.x".m...X....3.;.Y....l....w...F....^..(.P...{..+.^...-...'......bb\.jX.np..:..4...f..s@u..]...EQ...HN.mH.6...g...2..d.O!..:b......c.a...`i..&.vO]...o.....F@b....`..K..%_...Lu.tB".0z;8......5.......|.X.D}5W..!,N74#.@.......H....v..F...".;....e.v,hj}:..Dz.t.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):462
                                                                                                                                                                      Entropy (8bit):7.534254962722401
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:jbNV+VqcxXxzTYVCFmZXganioTE5ActLlVM:jbNVWTXx+QrloSttpVM
                                                                                                                                                                      MD5:066A4147557D9A4B7A7EF3B7A7B94E79
                                                                                                                                                                      SHA1:EF41FCC1F287B74AAA82EE883950529CEDC2DA5B
                                                                                                                                                                      SHA-256:EAE717ACB30C41FBDE307BF75AF89B295664F7D75410C359D0AD1C2C42D5CD6C
                                                                                                                                                                      SHA-512:2EB72557F67210DA09BC9E0809980B351730F375D93DCC5AB45F993B886120B0A9A054CB8A139D0F97139543D0A0B0DC4D3E672FBE2CAD64A03FF424BE0B5EAE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:S...J...g.u,..,.0.|x\a.....>...TI...eB.......|I.5.f.<.U.(z.Y..K.p..Ov....._..Zw'.q. ....?...f{.;.\+{F.`......3...^.....}Gkq*!Y@.m......F.F..0F../..e.H.XKy.8.a.vj..>.uj..^4`.Jh..-B..U.........Z...g..puED.<.].,.>...h6:.d@.1.{..].....cqh.t`p.0(;8......V...k.....U.D.B.....Z'/....Y+r..1n...5.g.CD1%...;..g.Q....3.q.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):438
                                                                                                                                                                      Entropy (8bit):7.488282915864744
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:B+mjJf3AKXBSEjlb8Xmptu0oqganioTE5ActLlVM:omiMB5hb8XEtuRbloSttpVM
                                                                                                                                                                      MD5:C84AD0E6779CB8B98175295146A55B51
                                                                                                                                                                      SHA1:E9E01A413A1511CDA689D840BDCE4B8C8B0A4E2C
                                                                                                                                                                      SHA-256:62D0960C5617136B843A1487900D58F20F5E596A0AA6B034EDA9C5A4F7155A18
                                                                                                                                                                      SHA-512:7599D8F7F78B9053273446015296B904EE316906BA364F42DEA9DE7AC142E8A4485E183977AABE8EEF7CE250D5719962D220F5FDB7F2AFBB6B0182C7E2998289
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.1..Z..t.,_.`J...C.n{.3.....MM..!.P'..}..%...o!./.....m9.;Y.(.B....m.vz..>.......8Me......d.]K..B..o......[....\..,.....,b..L..#.WFN.|.\....b.d..2~.-.....n.._h..y.F....VQ.*..7.."\.y.o....[.K.7$.<.Q..'...pkr.qh.t`p.0(;8...........t...8L...5.....<`.......E.1.../.....Ax....0...B.+X.e....q.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):497
                                                                                                                                                                      Entropy (8bit):7.545896183915366
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:lyTi1bClNXC0dGbTV25WwHxpURjV74kOPjEpdgMsXganioTE5ActLlVM:lyTSClRC0dWV8op74fSgMnloSttpVM
                                                                                                                                                                      MD5:419D09E1D4A952C84B53BF0A35AF620C
                                                                                                                                                                      SHA1:9BFE4EFBD248700937B7335DE048FCF92D3BF7BC
                                                                                                                                                                      SHA-256:7C9BD67BE7B7E50AF6D35F029F0767567A88662B8E4B74ABDCB59D463954F013
                                                                                                                                                                      SHA-512:5628E9ACAB93B77B4589068040E1553A4F028018D850F321D98909FC127CF1CB24AD72CCF96C13987CD8B0ADEB8AE720B0E460F54EF8926078DA82118E8027FF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:~....C.N..._..v^..M...@...S6......-....9...........t..P...p._a&...Z.S.6X.I*.. ..o.Ff..tWs`.. lMt./.j...........M>O.1.5.&.P..M.w/...V6.KWF.....d....s.>\_..0..RpC.Q].....@.,.N..p?....'Y....~bu<1....N...{...........(..tf2.p..sp..E5.P...b.z.\.y.<...n6=}m[.....T.^...p..`.u.U`".b(;8......5..M.@./=?.^..f.....-...;.x.i.<i.....(*.y.3[&Q......c...I.u<.s.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):465
                                                                                                                                                                      Entropy (8bit):7.568846799897582
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:YV8uS5FaaKKg7NbBYDLjjh2KBi0ganioTE5ActLlVM:ywaAAdYDzBiZloSttpVM
                                                                                                                                                                      MD5:5150FBB8F84705775C5BDBDEF97FE1E5
                                                                                                                                                                      SHA1:9A939BC45AAF011CB3E40E22BE182A1CB0A2C150
                                                                                                                                                                      SHA-256:CD03833D9F382E22AC92C90784ED0F08F7A4E8915D57034DD92872B89434A36C
                                                                                                                                                                      SHA-512:164C22E846AD0750A67AB30FB104B531A9F0349018C0CF18311E54FD10B289B0BCAAD1EB1DD5C21A7DFEA2C4CA1EF54F30A77305AA9384884CF63A64B2FCBE0F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.x. .v...s.i.T.xc(.n........A=tC..Z.y.j.%g...WI.?..j.x..o..Kf.;.zv...D.W]p....e. \..z.3.O.3.L...X.ZD .[I.n~s...w...M...._E_.z.....[....{......w.<.g......%.!....../=....M.....zX.N.3.M'>..\.\....t...x..r.k1[...._.}.h.......JQV...........~..qwTt`".0+;8....]..C....F.)...m...:.kj...."j...3.X..mx.h..{..Y..^8..jCS.V./..n.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):462
                                                                                                                                                                      Entropy (8bit):7.530902419385533
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:rILGqRZs9fGIPQkgxdeyIftd3YbbganioTE5ActLlVM:ruGqR3DIFdWEloSttpVM
                                                                                                                                                                      MD5:0635179EF6754272634DAEADDE81E46E
                                                                                                                                                                      SHA1:2DC1B152865D4CA01CFBF170D1BFAEB6355773DB
                                                                                                                                                                      SHA-256:16C4C547BB856F0B7F5BDCC92C716947FBA8510210CAE6C661C6532BC4655223
                                                                                                                                                                      SHA-512:3FB8054F1769209544358593ADD3DD8FCA4EE16ECAEEE4ACBA23ADBF27CC8FC4C6343804E9B1D1F746AB49E2468D45163E8D9A6F023FDE7BB6DE51DEF2F6352C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:y...yBfU........O.B..:..R.....:r...#..q.../....#B'.m.Xi..].>..nQ.Q\..t.~..........G...GhZ...?...<.MI.Y:.'O...{.K....X8.G...... X....C.'...-k_....7M.4....Z.q.>~>.Xh."...uyG@.Zh...`..:....<O.\V#c%.F......._.{.h..1.n1<.=.....[V......H..ow.t2".0(;;......]..z==."_%....Co.x..s..z..6.*.M...._...d.l.D./.*m7..Fa.....p.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):477
                                                                                                                                                                      Entropy (8bit):7.541278835626455
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:T5o8Esjk8RkMHnVpX3qUhbV5/stumJENb7ganioTE5ActLlVM:F7Rjk8ien/XdFH1NbkloSttpVM
                                                                                                                                                                      MD5:F8DCED72D7D2401C4C8F7A9C65B358BC
                                                                                                                                                                      SHA1:BAFB643871C396929A59F8772005C8AE38463355
                                                                                                                                                                      SHA-256:559FB07B39C485D083DB5B586137C31D0E246FC2DE191ECAC9CED5EE0CE3B9ED
                                                                                                                                                                      SHA-512:37810718D51769559F5EE1C6AD74AF4263BAFE624DA0131F0EE143D3B50334566390FE7B356C1FB256ED8126DC350444F1BD44CE7A0CA976A0C16706DE2CEAD9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.YX...A.BU..eh.abJ...XRV.....=..1.r.3..]L...H.YO.O...Z...X.=/.cG...A.....q]....B\`3s.`m#....'.@...HI.@..X..c8.8|.]....Z..,2w.^...j...X.F....A.....zi*.u.g.K1..)..y.O,2N......p.0`r4...64....y..Tk.P.7.C.0..n.Lb.|..&.3......gqO._.z.g.....Z.o\...p@..X..{ps.#qh.t`p.0(;8........p.ns..F"..:....P 3'..U'/.q3...z.=.............p...j.<..k!.M.q.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):462
                                                                                                                                                                      Entropy (8bit):7.52994566046023
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:B7EtTR6Dq43K4y4lsGnCkgyBmliIUPFKanxxlganioTE5ActLlVM:c46onCkgcmmtdnx0loSttpVM
                                                                                                                                                                      MD5:B9A28267099727FAD37C0FC38C8DEE44
                                                                                                                                                                      SHA1:8D3C68E8F836F53635E3B5603797B3B85D3103CF
                                                                                                                                                                      SHA-256:2A09B900FF5CCF348FE19EB544483181F3824CAB729BCE5348D40FD8361C0258
                                                                                                                                                                      SHA-512:39FB59F6A7DDBA158FD4CEF53960AA1337758F84B92CEE62C2C7D7C39DDD356998DA64987238C09111B14FBC9F0CB8C8C7B16D79D54CAADA48FD2FBBA2132C80
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......c/.t.|.o.OT..........d.L,.Uk..r....t.{.(.(...]{.].E..F.....H....d..d6..Q.0.%.A ..i..T>...^......{..T=....v.m.#$..2Rv.....O.8.I...{e\......B~.Pv.|...~....bq..@Z.|.Cd.[;.l..If.U!.).+.._......g.v_...l.......beX...=|.._..2pb..sw&t`".0(;8......5l..0...3..~JV.ZA%T..B......U.T..m...[g...../f...xk.cK..T...'er.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):456
                                                                                                                                                                      Entropy (8bit):7.535348946667347
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:8WlkAC1FqmOIjXi5ekZQWsganioTE5ActLlVM:8skXgmO1qWBloSttpVM
                                                                                                                                                                      MD5:CF472AA7E6F40071293075F6969D16C4
                                                                                                                                                                      SHA1:47B5FE6D5108605E21D0A9006B34324FBEF049A6
                                                                                                                                                                      SHA-256:95535FE5CCA190643DDF5CEFA535E00F973E1EEA2BBBC715C2BD59AEF1B2F907
                                                                                                                                                                      SHA-512:A08F16DA32D26DB7D3A5AB84A77DE29DB82197C3B80C30F67A392343447D2E12891EB129862AF117A99FA7ED20504D29F4C47116F9C68FBECBEE96D515E0BFF7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:7.0.u.A...oI..}........u.4.u0....@.6..Y...Di..a..T...7n}|...j.N#7..7....2:!..p..d<:....v....tXr>.4.6.z' ...l....e,V)..;....-f...9~sM..R...6...6..3..|....s...D.?....Is.6".....t.........s.W...(g..|Z..[._.*.g...96l}iY....H.._...p...qw&t`".0(;8......5x..J.....<.q.._..I'#R..`/..b.u..j..F.0&Rd..........`yG....r.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):463
                                                                                                                                                                      Entropy (8bit):7.5096762152115435
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:Y+0Q2Ec1hYqAW29fXdlkTtec+dlXJlhs1FxjVEkaganioTE5ActLlVM:6trrAW2RNlmtecQNJlhs1FxRBloSttpe
                                                                                                                                                                      MD5:6DA6B1F4129CE60539F9B4E27697CBD8
                                                                                                                                                                      SHA1:B2557280C32E4DC7A0AF456355584D21D44D5216
                                                                                                                                                                      SHA-256:A794F9527A0055D6466D107CBB47FA26525E160571E852F10CF2AA97FA6C991E
                                                                                                                                                                      SHA-512:5DF352659DC29451823D212FEED696D9FDCCF86FDACA8273731E3513E917D76CC9AF0E9F17D0E90A3472C6EBAD1B5B50290B220CA10153C125B6D21F3446D1AD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.=.cM:I..l...!..(.].Z..X...p.3....zA......).8......}..9......?... .........<}....&j..M.a...v......a!D.;`........'%.Q..i.....e<.pD......8.y...$?.T.7.E.K..:.6*...u..N,(F..3.E.....6..V..%1p.%...L.Z2.y.r..._.).=.X.....@U6..$.......')!.{sw&t`".0(;8......5t...t>.g...Pz.....jT....g.6..9.....!)...CF..k.l..=)....V...&..r.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):455
                                                                                                                                                                      Entropy (8bit):7.496120449585614
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:IfT/bkNavs3Ee10hxcDV9QjcnnaEUy7ObXganioTE5ActLlVM:SrbkNaoEe10hxcDV9PaRyEwloSttpVM
                                                                                                                                                                      MD5:D3E408EEA97C83F7B378F6145775C3EF
                                                                                                                                                                      SHA1:3DFC03BF75D125E50E5DB47E35586F8E0D368D17
                                                                                                                                                                      SHA-256:F1F39936EABDC5D7DC5DB3E402FDB0E481C78DA30DC0024F9715460879628D94
                                                                                                                                                                      SHA-512:430471DD72DF72CF7AB6AB6C7EB35D0C9A92ECB8554A73D9A1C4E77467D129FC19A0D41847E3BE680A48FCA408AE88DB85C0F300AB197EDCB9AEBEAF00368972
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:uH....iI..A.s..,.6..A....3.O....3....{.J^...%..d.!.c%>{k.1...R....M......VY.dkn...M.A...M..~C....v...i..q.b*..n@W..tv.Lpd<.5>..........M._...1....8m..........>z<PYF.....YK..*._...'@.n....pX.o....^.~.m.......F.7.....$.]...J...du.U`".b(;8......5.{......../Tn"4.sh,de..D..k`J.r..%.....d......_V..........hp..yms.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):461
                                                                                                                                                                      Entropy (8bit):7.571024765999994
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:39Bk4Y4WPzpcg5PWz/ZSlEKR1wMkdlBVrganioTE5ActLlVM:39r1WPVWjNK6bwloSttpVM
                                                                                                                                                                      MD5:5EAFF63A8491ED278F60768D4DC1A4B3
                                                                                                                                                                      SHA1:38A71112501A5904CD4FA27AA07EE90FB005B21D
                                                                                                                                                                      SHA-256:4AC24995621F263CA44871B0600224C4255856CFADE0C1E8996920A7842B58C3
                                                                                                                                                                      SHA-512:386D9702265090DEA095634F53B9E2F696544F0BF22E93C179EC03C5275215485F89FC660B7679B9593706603CBA034F68A8147D76D3F83D7073624014BBF703
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.i.*.^...w...VA.4.K.ai.".t...........x+.u.....'.......zi......4.1..H_.:../..bT....[h......&0w.0o.Q.&..9.z...4.j.P....6U[.X.E....~..5..L.e>..u...p.9_......F..v.Z...\j.....W%..%....+.!.K1 ..YG.-|.....5..a]LQ.@^.~.9.....1l.iP."..Nc.#..f....ow.t2".0(;;.....f....W*.w....^\..%....Q.@.b..=.....wF.U..p4R..P.v/x.U...Xt.p.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):478
                                                                                                                                                                      Entropy (8bit):7.603784011142014
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:ofmU8RQFHyv1kHlE1EmeH7nganioTE5ActLlVM:o+U82FmqHlNmebgloSttpVM
                                                                                                                                                                      MD5:26276F65F1903750A999CB8EF3A24C86
                                                                                                                                                                      SHA1:A7D2C30D3375AB358DD9FA04973FA16F88CF8E12
                                                                                                                                                                      SHA-256:24609B26A525EF2704D9A7DADE1F07CE1B601839DE5EFEC873768DDA50F8DA4A
                                                                                                                                                                      SHA-512:8AD01DA2EE369B452357A5BBB33E82364CEE91439FAD1DED85BB82C3497770AEAA2B66A923F61F3567CA90765A53D14C16D3082EF2D630DAD400A75773FB9F10
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....cO....H...{#{..7...?<..........>.Va....Gr.. ."H..uQ.h.^.S].}....A.Bn..G.-p]..4.:..l8%....&.."...g..C)2M.....<..gb.|.[f2I..;.k2Q9@=..w6...<.Lt.....@.Fuy..G....N74iWP.f.#.E.H2..~:9.9.......Q..ES.rb..&..F..z.../..i.I.)....n^.}.;.......fjLQ......<..I(N...w&t`".0(;8......5^..........k^.tUAFY.k.(....{.........us.2<...?o)BP..........t?w=r.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):465
                                                                                                                                                                      Entropy (8bit):7.528534469868815
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:l7mB7pVsxoIo4yio0TKHp/7xTC7ganioTE5ActLlVM:orSoIoRiKp7xPloSttpVM
                                                                                                                                                                      MD5:248BC2A21833815F68E2DE03435199B5
                                                                                                                                                                      SHA1:39ABA959D9D0196A46185C44EF6DF08CB44313D5
                                                                                                                                                                      SHA-256:7B8C7675E52C2A8C525A2F41385A39FD0EFB6D3758F73F22313CCBB667513750
                                                                                                                                                                      SHA-512:327907A56222BF7FD71C76EF539CD83EE8C0895ED26BFD3A934210787F4F24B4431EE9BEE6B12AF21938A05613F7960C57F82D8AB53D3E88C0260AF6C9359EB7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:#.l{....U~....r`:...!....dt...{k#.a.6.C.....$..0\....E.V#[r.B;..8...<D.a........2"....`..Ci..P.....c..u.'..6.>57~...>m.x.!...."..S..8.!m.!/.%/...SoU....oD....@w..X.....!~b.-.^6...mFe_.R...\..(..@.K...G.3#..h..^.w.=...96:}mX..~.N./...fp..{sw&t`".0(;8......5^...X.J4.Dg.j...2%6....z..<T......l)...}.8...# ..A...tP.v...]r.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):468
                                                                                                                                                                      Entropy (8bit):7.539087604245374
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:Ha66MocLsrvr/DMLQgTl6NmzxganioTE5ActLlVM:rEcArvL48U6NhloSttpVM
                                                                                                                                                                      MD5:81C3DBFBA07C5B76A80CEFE8D7DF7C88
                                                                                                                                                                      SHA1:8D22C111961AF5B1F09D04945CB81AD08CB21826
                                                                                                                                                                      SHA-256:1199EAEC2CAED93FB874D21EA87D2F9D4A35BF16D4CF8CA302359AFD6533DB4A
                                                                                                                                                                      SHA-512:BCF021D7F125087CA3B2217902264E696F4FCDD0E5BEB2C59D8F126677F76A21BF1BC049CA30B51478912B9207DB2CBB799617E0216E0428BC558FD53F8B76E3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..T.Jd.`..Q.Wm%.]..]#]`%H.^....{P...N{.-=WwS...;..g.}X.#....+...D..j9..C..M2....EE.uo.] .......xS...0.Z.e...&..l+...0.i..x...T>_Xl7y..........+0v.......t%#9....A.6Z..:;BQ..._.g...xUWdE6.>).eM.s}\..@K.m...[.0....^.).j....\.b=[....N..#\.{pk.#qh.t`p.0(;8......BE.~...1}>8..(..R.................J.H.;..<z.....n....-N..y.q.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):457
                                                                                                                                                                      Entropy (8bit):7.579774631995375
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:6ShRyqrLMFgekg6zxWU305ganioTE5ActLlVM:ZLP4mekgGBHloSttpVM
                                                                                                                                                                      MD5:046B8E025DF8D7C6B929B6862BCC842B
                                                                                                                                                                      SHA1:F90986D1530758D7477109648937E96A11A07466
                                                                                                                                                                      SHA-256:0CAD008CE900265F84B382790FFBF8945DC7A8853D4572D5D8BF82F46F4B68A6
                                                                                                                                                                      SHA-512:40E6432B342826EDFF985E0C569AE7892ED6EB5699290B5FB491463E25B5D29F354D34CD6E389F0D4988F0DD6E8F6F335F65B506A2DE48FAD3BA8E0A7D73C907
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..^a.Eo..k>m.L1.c.rW..M......G........L.p...WLI..C.[.....y.F....M......l.....-@..s.\..M6.lg..nF.m..)J@..s.g.L....%...j.4.<dJ.....;.5~....3s.`...N..7i.>....M....6V^..*.=.MP1-....@Q...0.a....0R.c@`u.Q.y.=.X.....KHb....[.....I.s..qh.t`p.0(;8......P......W..b|?A.I..L......."-p...T..Y..../..0.E.6..ZD.C+<...U.q.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):466
                                                                                                                                                                      Entropy (8bit):7.490065742930898
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:Us/IimAUIDlzIHeBlaHurD5v8jganioTE5ActLlVM:JbUoB4QtjloSttpVM
                                                                                                                                                                      MD5:5EF8FEC748EAF8A411B2F86C47181329
                                                                                                                                                                      SHA1:F1548F1785A7834E6F8D20295123908D28695ACE
                                                                                                                                                                      SHA-256:0352DF8087C353156407D729DD8289C2F981C04E2F8144F0AE5EFA80D03D82F1
                                                                                                                                                                      SHA-512:97046E287520736523DD0CFCE8EF2AD71177287B16CD5423BED1CE8B263CBA6D9A24D42EE6464FD7CCEE45E2B8162329AC4853763215987055625C2BE60EEC47
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.<..4..X....0j...!..Ks..\...q.... .&..4+.!....R..*..4.h...v...'..6..%...7.....Zg_X....n.z.2nXC&...X.'.7.2...4+..%.Y. ....o....{8Q.=C.:`[.B0W........6I.vZ..xE.K..b......@...6..4.....5.4T.?+.....n.a....}..=o..o.Q.,.n....)..dP...tW.V...~..qwTt`".0+;8....0..4aN.c.....m.7.oH...a*.....:k!...\0..h.W.'`.\.,..6W....3;.Yn.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):481
                                                                                                                                                                      Entropy (8bit):7.470937850462275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:7RcDsSpEUl6ksP374V5jmw8bZxXlDQw8jRganioTE5ActLlVM:FcxbLssVxrgfXlUDqloSttpVM
                                                                                                                                                                      MD5:317DC29CA4CDECE73957EC51AE43BBE2
                                                                                                                                                                      SHA1:86BCDACDBDCE629C54D0BBC89C08ADF0607454E0
                                                                                                                                                                      SHA-256:BB94339F0767DCF768FF37334645CD0BAE589710111550994339206F85EC9B9C
                                                                                                                                                                      SHA-512:568314F33AF49F8FDCAE2BA44499A55E82188850262073E48176AAD4474726DB63C266D3798F9F73526BE8A174B845662CA0E602A19DEE1686086298CBCC052D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:W.Z.V|..%.;....)w.~..?......L.c...3....L...o5....YYsB7.si^...B...?8]...Hp...........o..@..I..g.B..q..)]<<>.d.;..9!......Dm.M.j_.&...X..ko!..O0.......\..'...........n..=....Y..x......iF..`.kgts..)P.c...0...*.@1`..O...PQ.,..M......AG4...PPj...&.!r.qh.t`p.0(;8......7&..!^g.^.!`.kB./.*. .w..m.q&...RN.....6 0.A}....cm....Vx..q.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):438
                                                                                                                                                                      Entropy (8bit):7.532280505012691
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:sBnTYrR8u0UfbjYSIAFb61tLTv4UoACmganioTE5ActLlVM:sV7UDxFWHLdYloSttpVM
                                                                                                                                                                      MD5:3C3C89F9146E28A91A13DEDE487A39EE
                                                                                                                                                                      SHA1:33A9E41D3F9E162971BC4521AC702840C048A851
                                                                                                                                                                      SHA-256:F2DA82D30D318BDBE78B256BE630F241B5B7FCF1BBA167D5A7E4CC4F2AB903E1
                                                                                                                                                                      SHA-512:A59600CD131067A62AF44509A4827C380C21618637E9C108B65455369E43EF0FB7F5EB5B6EAEED3E95AF6CD68173311346A68DA357A519F92E850ADC2EB5A9A4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..w...bJ....d.`....![T.l.C,...Y t<.}..G..=Q..9....?...|....s1....eD..rn.9.(N..=/..C....o..J.....R..Q.y7..v.............v....zy.O....<T...Xj....-..$-..........b.W...`!`.oKw.)v .....hQ.*.k....).J.1..$..Wr6.. .!...w&t`".0(;8......5s&<.-u\.:..d..u.u.]7.....~^M.."7l8..l.b}.ylc.....{....h.p.fR.4r.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):460
                                                                                                                                                                      Entropy (8bit):7.580262069420049
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:mizLIrMU/KYKp4ikCP2OMqEmg7jWganioTE5ActLlVM:dkMU/JKp4ikCP2xqKnnloSttpVM
                                                                                                                                                                      MD5:D22ED7EC3DD22D9AC192112023D571D7
                                                                                                                                                                      SHA1:7B05C4FA3941275A8F8C6E46FD7203FAEF6F4F63
                                                                                                                                                                      SHA-256:2C3A8B024D43DFB160B2BB34CD4A756A1FB2600248D35D6063A18B71BEB11F28
                                                                                                                                                                      SHA-512:3545E2998C75633765909EE23B3E49410DD95C14EB87BA36277EE24C2D6F5BFDDDEAC3E25A462903725437893B3505CB2BF5B4992767CDB243C05C29C3F0A1DA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.d...5.....t...va....L.{.^/.E[..I.6IM@.H..O.*.n..|.Z.4....e.1...o.......U..........e.0.&.....&.f~.xI.%....BF.....I......F3.|!<.L...*..6.&...B.6.l....T.8!...,{.p(& .......Vf.. {m....A.W...xT$....<.P.~.<...:69.>P....J..]....s...u.U`".b(;8......5.hD+.H. ....v.\.N.^..\.Z&.7....E..q..?...X.u.}...A.......SO.?{.s.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):463
                                                                                                                                                                      Entropy (8bit):7.549074865147153
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:bkX2Go5RBIpDaINERcwhvganioTE5ActLlVM:wGGoapve4loSttpVM
                                                                                                                                                                      MD5:097C5415074302EB9E5B99CC031CB5AA
                                                                                                                                                                      SHA1:93E8CF8A8A5FCD90D4B4F8C3274D9F10DFB46206
                                                                                                                                                                      SHA-256:2395BB302911CA0D95DE9A3CBF5ACCAF7B0C7B685AC461919916DB86A84A578E
                                                                                                                                                                      SHA-512:E3F10646F329C37F2AE81A8AA2F7623F5EA8D008DFCAEBB1A1D20ED2EF1D38F9983C552F24EFEB487FBA197ABE8147165ED67ABC5755F1D5DB29FBD8FA981BF7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.F$-I..iP.....I.e.t.d.8|.v..2.P..;.&. c.]...(.d..?.(..MR.^.2}..n..$j+.Y.R.@....b.\...';9;.@..w...2jO..eQ...8.....u\71.ao..P....|T.^Vj@M.(..w.C...zt...f..=:.g.r.g..].1{..4.B_f`....5.*9.....j.[].....Oq..P.}.h.......Dc...XP(Y..#.!...u.U`".b(;8......5.{.n.0.S...o./.......(..J.......4..`~......u.....#.........ps.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):475
                                                                                                                                                                      Entropy (8bit):7.5489066265835465
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:SgHmWaxaMssRkGfQDK99TXxNPxganioTE5ActLlVM:SrD5RkqQD49TXxNOloSttpVM
                                                                                                                                                                      MD5:75952EB3C0C0756AADC448BFDE69F14B
                                                                                                                                                                      SHA1:4870D39704F46568E39E87C4AADD682ED9CD5D6E
                                                                                                                                                                      SHA-256:7187AFFD1BDC8C34F3FB8804635D1EA8640DBD48B6D8B96A979F6D11409B0277
                                                                                                                                                                      SHA-512:3BC4B2D5C0466BCEFD132F5A0F1E87B5EF8262EFFA3FF8E861157A92C784F1676E889E7BA42D440F100699FCC5B6EBD1FD91831BCCA83C39E6C2F1811D2C8F48
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.{..T.u.<.t4k..P.M... ...?@..g.Df.U...7....O......FA.....I.gq...{.O..Ks?..>~.{..d\......it..!G.i]...u4.A....G.....)..[h...R.8..U....Y~..M'...\*_k...TG...[~...."{..lz.|..X.yO... ~G.H..7z.1....x..Q..R..'......F.f.JfE..P.}.<....^...L...MS....fp..{sw&t`".0(;8......5...!...F..T.-.....#.j.-..J>..8.JN......".3.++Ek0......e.M..Ir.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):464
                                                                                                                                                                      Entropy (8bit):7.575432241798994
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:a/AKxrTXdAoC3EfuI31ACq+TEjqKHganioTE5ActLlVM:efZXGhI368EjqNloSttpVM
                                                                                                                                                                      MD5:6620215092F7D62316B82234130D7E44
                                                                                                                                                                      SHA1:8E82F73DDF7E09D10295DE6669B7983F79C51468
                                                                                                                                                                      SHA-256:1389DE1DCAF008B8EA33599842CDD76D13946B1F360F884FAA1328B2A8387BF9
                                                                                                                                                                      SHA-512:DD4EF1E19988D6FC8235D65CCA718AD0E59D85596AC1B94CD28C0A6CB9D8D3277FBAA6E426C886326CD08A86D4970FB391EB64901DED21164F8A36EB9189D8FB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:d.....f...f^.......5R...wd.'.....Go.^...{.CS9.i.t1...C. `.o.f..F.K.gTTp8.]Kg.{C.....j..3f_=.Mc...Zrd.;....}..+[Z..}.Bd.....&....|....-.@lI....D...p..Ul...q=..jB..[.....a..D...t#......'.$*-p.~..3.Z...o....t..AQ..^P.{.i...H95jvn..x.p.t.!..I3N..qh.t`p.0(;8.......c......<./Q."Y.a...:.....L..>..8...2..*.Z....4.n... o..U..yq.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):460
                                                                                                                                                                      Entropy (8bit):7.5046502771616765
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:xI8WXJSp8Zbw5ldq2fagFgpsganioTE5ActLlVM:yHApYbwfdq2CAgpBloSttpVM
                                                                                                                                                                      MD5:D2B0137B7FD6C138F3EE28B8F8BB5817
                                                                                                                                                                      SHA1:C3F80DEDFEF723BCE2931A43A966C1A75C39F724
                                                                                                                                                                      SHA-256:5F1D86220FE02D981260FE95B4D1C4224BE2C51B5C4005BCF8CBF700E49DC6DD
                                                                                                                                                                      SHA-512:4CD2F8A536F51FAB945075F26D80BA48B340D33254509AECC8C59C2C304553F706B6C4DD1ABC0435623380E471E115853DD778988BCAA723F84686ECF624A95C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..;.r.9.k6~y.......;LXE{..l..."#.W..w..B.*....A...O3W\.n.....=6..&..Q*......._.zO......~s-CI.7...}B{...-T.Z.].....a..dF.0o_.;T.~1.2l.0...S)......K....g.e+o.@j.N..oS../.....`...;....]."Wj._.f....;...P.w.l....Y.b8X]..@&...I.N,..w&t`".0(;8......5.......z.1.t........W......D..*....j.....kOg....5m.....q..hO.r.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):440
                                                                                                                                                                      Entropy (8bit):7.558532505528072
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:4u2zH/L5IL0yDJ/NtJ/gganioTE5ActLlVM:9K1ofD73/lloSttpVM
                                                                                                                                                                      MD5:F05397A3373DCBDCC00B671F8C62DD9A
                                                                                                                                                                      SHA1:E8231894DA432FA30289E020A0ABB4572BBBC891
                                                                                                                                                                      SHA-256:CA265C3DF9B4BB9DA47E64169FC3C3087AA3F91F32483AB4BE4D918767292EB5
                                                                                                                                                                      SHA-512:0831D7417A1E804373C54465308D4E3A21F362B6F79A3F77486E65F40018345E807E468E1A8D0F70DDC440F084D27D1174403E8244978E6FC61BADF39E743387
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:H...(!.sZ..Xo.....F..=|....tvQO@2......c..RY.h.o..$....So'......5.;..H..@tD.X..n.....BjQ\ ......W..9.]f.T.5...........UXN...FC?...p..g...}._l.>.D...q....j%.Q...I.h.=...h.l.mW.-W..]V...-..M......C@3...h.Z... .!...w&t`".0(;8......5....+...r.I`L...n.l.ZFO.....<A.G.a..8..p..G...BH..%A.x.~.?%r.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):468
                                                                                                                                                                      Entropy (8bit):7.5587869225122
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:vqhbX/SnP8wrGG/xCYnLV77NpX+HH6hyvganioTE5ActLlVM:vqNX/ArGqnLFjX+n6hLloSttpVM
                                                                                                                                                                      MD5:F372B0F9B600156BF31BDAB3D32E9D96
                                                                                                                                                                      SHA1:48F99E17ECE3FA74B1114C16AE303A415369A692
                                                                                                                                                                      SHA-256:D394BD407AA4D31B50F2A15B3899F2B9081619CCAE098DD218F0152FF32C781A
                                                                                                                                                                      SHA-512:08BC94419F5F2C0DF1E2E247A6EF997353C37F1FAEB9271D254EB2C37B7A91CE939865A8174D1B66610BEF158476EE72A928DFC3CC188FF909E26D19C8E1A4C3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......yL{X.x.=..+An'7.t.L...\.r..T..1.)...y.....L.U...NVW..)o...RG.!j Ie95JK&*.Bf..U.4....gt...#.........H.Ugl...&Ux....L..|`....q!#..t.=p..s.B..]....p.dP.^..M.X.c..[.\..fe.....m......Y...p..B..uE...qc..T.,.&...|.g......f9L...........pw.qh.t`p.0(;8.......>Z.L..].......J/j.....t.a.....n.N.....1.ab.K.N.vA.....,.....q.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):469
                                                                                                                                                                      Entropy (8bit):7.5166410018821175
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:cb+25nj7UwrFEA3xDhESSARELn2ganioTE5ActLlVM:cb7UwqA9hESfRsHloSttpVM
                                                                                                                                                                      MD5:64DFCF7168009575CC0CF5BAE9736B39
                                                                                                                                                                      SHA1:502AFDCFEE18FB1463907FB20A84EC4DA6D23397
                                                                                                                                                                      SHA-256:4EEE13D68527CD2A162C28A4A4DD2FD15DE19128EE1ECBE6E17C0FEC25DE8905
                                                                                                                                                                      SHA-512:48432399193ADF059D80067D083EAF89266E034E5843D325F4121856AEDB47B52C0A9581562B1B19D4EBE809274AB0EE0B5EB25D29021A53A98702D74D078399
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....e..U.H.i.y..DT..?f."3q....o...$.qB&....'Id.....{.8..<....^.L|...e..@..6R....z.h.g..!.(U.E....AD,4w.=....[....-.Gn...O~%.r......{..f2......'.=\.....!3qt...E...*.=4h......!.1FZm.c..u.........O..+.I.r.)..y.;...o!.G.m..$..T(X).2... A...`..0(i8......6.....WlP5v^.'.....K..(.=u?.r...${...+^.....\O.B....G8..(Z.>...@.u.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):464
                                                                                                                                                                      Entropy (8bit):7.52311809339087
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:ZmrsFj4VHZVz6KETKMganioTE5ActLlVM:oi6Z4KVloSttpVM
                                                                                                                                                                      MD5:4E8482D43A2FAFB4DC4156AA421BAAC2
                                                                                                                                                                      SHA1:8F937B72065BA9E733C14A7FC5E766E25E85C2B9
                                                                                                                                                                      SHA-256:820F008137B351A7425369C3BC231807962F5FAFAB171B7BA7924E2093B0E5CC
                                                                                                                                                                      SHA-512:8882B1DB691DAEF5A60ADD094186AF972843DEE60F32CFEFF69EECE3649CFC6585CEE55576B205EFB06A9B79FC0D7F89E554DF86E3D5E24432851521CFE6D3E8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.$..h.DL.\..:..o.{X....T-8`....W.5...0..p.l......Q....$[..=...Q.......[.b..o[\g..9;....o.c..}Z....I..EN.=....k....$..v....MA.JU..8..:....<..t...fX.. ;..?.%......+..S..i,...1......[..|.<..G.U..C..*.>+:6..6!.W.....m>Y....\...c..~.N .'..".!...u.U`".b(;8......5.}...LG;b.4..+-.1...i...K..j......pH(.-.s..t.y.3...D......a.....s.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):460
                                                                                                                                                                      Entropy (8bit):7.5082696641223725
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:KpkibvuvXUAvyaB3HJL9kB/4ganioTE5ActLlVM:cuvJv7BHJL96loSttpVM
                                                                                                                                                                      MD5:5D26E9F734657881C6199E064C30B809
                                                                                                                                                                      SHA1:0CBE2649FE60DE6C22C4FDC0CBB66B8E8FC7B21C
                                                                                                                                                                      SHA-256:4053A97FBEAC3E89738E58EE023C04551A66365E881AA80E14B83006918B71E1
                                                                                                                                                                      SHA-512:59B1EE99A0A7A8CA6C9BD7E35F7584422820A58ABBFF2AFDFCCFAA217DC2D7949008D48FE3CB8166FCCABC96909F3EF0AB7182E19211D483EE2EFC4F31AB279B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.<...[.R.W...&..'.....zxe.D.Y...}...u..s....@.9...7Q\(...YF..3(...%......K.I..c*/c.........g./..&.P..)9..h.k.%....hb.....{.M..!.......G.\=.;..~E.;.M.0..u'...z..h.eq...Gt........O.l,.(y...G.(.....'f.~eQ...).g.....1<}8X..|.O..h.....cqh.t`p.0(;8.......|L..v;...X...&.RG.......[.3..hs.b.P,M..<wbk....3...1.....w..q.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):439
                                                                                                                                                                      Entropy (8bit):7.418569216536371
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:5m2qnSIjXNjFSblN8Dv3XiH4gganioTE5ActLlVM:5mCi9jElN8TTloSttpVM
                                                                                                                                                                      MD5:52BF644F4026036B51007839C220C6D6
                                                                                                                                                                      SHA1:29E771B9B7441463FD47075F255406CC37A86203
                                                                                                                                                                      SHA-256:CD3521D4375C76AFADAE147DC75E325AFE23963949ADDFB9D657CACEB2132ACA
                                                                                                                                                                      SHA-512:F8B3DED65D9010C7473F5829BFCF67E7FD6098742678D936FEDCEE44EF26C161154157D12C62D9A274475B2C712057E1FA8C7937009D490FC9107F18BB530CBF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...n8.<....e{......m%.......uuW..Mk...K...C=.;.<`..ye{x....n..&B>..Dq..9..`..djr~7k....u....I..Y......)=.|CZ9.17...m~....,....G%......m.......r~..go.t..7e...^.....H..k?../w....or..5.x....l.......K.3........T2pK..qh.t`p.0(;8.........hh..c8.D4.:.RN..t.....i..F...(......3J...I....7!o6<d..X....Hq.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):457
                                                                                                                                                                      Entropy (8bit):7.53826340470131
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:ms3uqqMjfMG+x4cLUFAQ5HbuMnm4e24++mganioTE5ActLlVM:2qqefMGXcrEHbiI4+0loSttpVM
                                                                                                                                                                      MD5:1859774DFFA18F5356F4FA6F9C3C9326
                                                                                                                                                                      SHA1:A383260A36EEDB4256DC5D5207052495B138C6A9
                                                                                                                                                                      SHA-256:F10066E45C5236555F5072E1402EEB77BE3066EA61291EA85A3762F4AC08B90D
                                                                                                                                                                      SHA-512:1D0451D210F1B43875603F8F3A4A542B96C72B9E89B6B06742F1B76D163218D155C339996072B66C8F192DA60EE3D3A2D3D7C8A09CD733D73BB99F68EA4ED1F1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:9........t`hZ...P......yN.[.....DX!!....u...si.\...=#Ar.!..^k..0.....'.7..r.....=|N...]t%D&..e......$...z./'..D.'=b[3.'..j..w`.w.".Oh9.x@}..H....m_...6..CM.]6+...c".....\.k#..X!..;Mi.f.].(....#.H.f...).l...>4?vn.]..N......|..qw.&`".0(88.....~.W]._A.S..$....SM.y|g..9-8.G.4.(.r../.L...m..d.:p.mQ...c..fno.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):460
                                                                                                                                                                      Entropy (8bit):7.5017204468777505
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:DbD5d7L2/MAgoO+hPus7Vj5C0aUgDganioTE5ActLlVM:XdtHAw+hp5Cyg8loSttpVM
                                                                                                                                                                      MD5:3CDE526252F051E65F607A7AC78B9E71
                                                                                                                                                                      SHA1:DE8F67ED952480B7F432A8068B6A894B5567E096
                                                                                                                                                                      SHA-256:98E1DEDA311BF880A6418DC8150392AD2873558E8906AA554CC9B0093A09012C
                                                                                                                                                                      SHA-512:1646A4E15B44124CE62306A1C782B4A65BECA29CCABD487A3500F1BE8E1DEBEBF1390C61CCB35A3E3433DCCB419A9F7966AB5A770B5F6EE32033520CECC5DB82
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:).8.<..9tQ....7....2.^..6.`?.P..2.|f.[U,:....C._@...uE.D.[.y..~i..T...9....o).......;.M..]K3*..k.V...*}.$$8,..s....?/..n.....=...#...^..I..b85.$..[...b...&.l........x.C...t.I..:....R.....w.:...U.kjY....z..M.4..<iBMa......jd...-...qw.&`".0(88....`.m<.....K..F...... ........a8.Bt.e..J...q]..m....L..q/k.a..o.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):469
                                                                                                                                                                      Entropy (8bit):7.525051923998355
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:k1POpWi9eKD66ddPiG8u6uYcDMbdfoxganioTE5ActLlVM:Bp9UKD6GdKGCFcDCfomloSttpVM
                                                                                                                                                                      MD5:52AA368B22CD2C65BF87EE38B59DC0C8
                                                                                                                                                                      SHA1:B9FFD38B78F00309FDE5E3AC2AFA84AE4B7C36A3
                                                                                                                                                                      SHA-256:7C474F5485EDF732AFDB3CD1674D0968D5F524A679EB05F5377AFB56EEA9F881
                                                                                                                                                                      SHA-512:BB5AF46306D3DCB74BAF2AD2E47BBC59FA7264EA4BB003E2B06C961AA3906CF365A1416272B22A262268180D8012B5D249167B1B0A4B6C8AB0502A67C45124CB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...+$.OM..`.."8....>&..H]P./.h.k....X..o..."TM.......H.|....-`.QC....k..R..;4.&R..!.`....y....=...3.1_........:z1....'..P.nJ.....o.+u..-1... .H......1...q..ge.........x..dK!0.Y._q...u...&.tx....O1..)7"/....`....U.....m.......bh@........T.I!N..qw&t`".0(;8......5.`...o:Kx......Y...w.`.......6..O&V|<.[.n{f..w..6...M....X..*.r.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):463
                                                                                                                                                                      Entropy (8bit):7.547598412569023
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:THEd6SshbS29ifZQfM30KZ1uFk8G4mganioTE5ActLlVM:Tsshbdkfd30KRL4XloSttpVM
                                                                                                                                                                      MD5:097904E8C71E04ED6D3C8018C72652C7
                                                                                                                                                                      SHA1:D1101717F75ADC0116D1BF03C07D54F4913BA132
                                                                                                                                                                      SHA-256:ECEA0974128AA329880CF73D974AF86AB332532B4C90B4A62FC816563A8BFD23
                                                                                                                                                                      SHA-512:C8F21AD5464000D20D52707DB0752291A19BE45E344BB154A929865C63E52BAA95712BAA3017A54E1153E46AC0A312B034DBA92F660074E43E67E0B7E4225182
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....~.......f.dD....t..L..d...'.A.=...:E.e...L..F..++s;.f..5B4.i...D..d. Pk....[.e.x!..+..+Nm....g.Ue....@.M.......ot)...fl.[....:....L..<\....g.P..b....g....M.bk........m.a..}.'.B[.r.5C kQ.B....U.P...}....f....\...3$.<.a.T...u)!.{sw&t`".0(;8......5.P...C.s6.5..v}........t..Q...\.M..U.Fsad.....T.m|_.....p.^0..r.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):468
                                                                                                                                                                      Entropy (8bit):7.519879159061141
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:+/LagQy89YzmGhrhggAIi7TXganioTE5ActLlVM:+Tl8uzm0tzi/wloSttpVM
                                                                                                                                                                      MD5:157B1385E9668E74BC54EAB2EA2E6F28
                                                                                                                                                                      SHA1:8E4A34CDA4FA84C31142143F42BEBEBFEBFCC9F9
                                                                                                                                                                      SHA-256:7AAD65650AF6B97FF348E42DB3EB4E17CF28609838C6E5F84C3070AFA66B385B
                                                                                                                                                                      SHA-512:27E3F64F8D41347457F7B80D27EDDF65662B548AED6A2DE00403F670EB7CF386CE11993476201616B502998F2E18EDD1F39CD096ECCAA974CC21A8D1D41616A7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:/..0J$Wp/w"X...%.Y...<..w.G.zJ..M.7h.GRo..h.J?...'......E.._o9Dj.P..9Jh....8.a=g.j...U5.......3C9O.......D.qG..y..'...../...Pp...(.&..@RTk.F......]....4<F...7..0Q.2kK%......3.!yo.3..W..a9:...Gl..\..i...]sU..{.i..1j?.6.>.....Q......e..qh.t`p.0(;8......~{.>.....:......T..jD)..\....0.)..n..+$.[...%..U...1K.....=}.q.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:PGP Secret Sub-key -
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):462
                                                                                                                                                                      Entropy (8bit):7.543129130406619
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:3ecZate1impHhk8AaP2MtgsF3P4w7jhZmganioTE5ActLlVM:3eox1N7AaPdtpF3AEhZXloSttpVM
                                                                                                                                                                      MD5:FA16CD4C1C382E8E463394D190FB158E
                                                                                                                                                                      SHA1:91BAE632B74C74A289C6DBFB91488B462DF9B6F7
                                                                                                                                                                      SHA-256:494A05504B450F994BBDE5A7B1F751FCF4628801FA12375F729162F800135FA0
                                                                                                                                                                      SHA-512:D3A2673B9C8AB1A99919AD0BB6B92AF24911CCB115176188E059D07B4F912A4A4992D4B89E3533D8ED0DFF46D07677B1091DFEEF5822B68AC9046D2116F9389B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..Q.E...:g...XZ...:.1u..p....;Y.[.LM.81D.........k:S.[HIl.Y|.d...".........G.;E]..:D.B......"..3.gef.l.b..P.n{.*......7Rv].<5......>Vf.b[\.R.q;....U@R....{....T.c.......J.....L|....)le....I..P....Yg..Y}....z.g.X.....A@7....pI..w.!..sw&t`".0(;8......5,KR.]...z.....}o..{.jPy....Qm."..4`4|......!..vbk..^.v.#@.j..>r.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:OpenPGP Public Key
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):455
                                                                                                                                                                      Entropy (8bit):7.57142740014933
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:pCPP/SGpoE/lJsAiDfzGQ8ThNvYRuuNtwwqPlFXganioTE5ActLlVM:piSGT6YzvYKw/loSttpVM
                                                                                                                                                                      MD5:D7B6B86563D50A95A8332E247E7FDC04
                                                                                                                                                                      SHA1:4DF259B777709ECE4F68E22A9348BB39A06A8119
                                                                                                                                                                      SHA-256:D4A2417F61E79BF624341230A6601DBEAACBFEA793D9B7B9486171C0B78C9D50
                                                                                                                                                                      SHA-512:F211E9AF68FD17B5624F7AD041041FD2B030C0B91B0A2DF521285543F137581F5E5C7C38D17F0ED530EC373661E510A9A77329FBB50DDA16C8BE6F8A2D9F93E9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......D..b.X.M6.~#..h.X.O...y..}.>._...*.i.^..8...S.......0J./.....SG....s........!......#....w.R...Hw5.%..........A.L.x~.z.M..E.$.T.-..q.4..T3...Em'F........B>4..#,.o..+W....d...v.h.u....F.......<.X...\7.nm...bJ..d.../e..q%.t`".3(;8..X.yE..kB..m.J..."......J..A=.b.J.J....fpk..g.]x.......X;.,m.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):469
                                                                                                                                                                      Entropy (8bit):7.533953024540657
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:4tq8EZPrz3UKLF5vNznxganioTE5ActLlVM:Lhz3BRJmloSttpVM
                                                                                                                                                                      MD5:B8C8A0681E9982A112BF9AF9FD767F79
                                                                                                                                                                      SHA1:5191B9237B3ACB14478D3BCF848EF14641C2E94D
                                                                                                                                                                      SHA-256:1B394DB0D88F986585BE94DCFA18140258398AEBE5F30CD8B6EF6BA3D4713BCA
                                                                                                                                                                      SHA-512:94F8CE5C301F4CC965D3DC41D76898C3B15C419837B85B578E8560C97A76D59FD0E7F5331DFBFA2398A6C867136D84077C75F8C4BAA7D13D06F5BE57BA910202
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:E.....]..+;.^.....W... .}.....&GL.:......M....c.SI.>t...\4.j*5..hB./.....-.......-.....e.pg..!...pv...q..M|......8..0x.Q...HjN.Pv0.KU.......=..a<..<`..M.H..}...........F.g./x.`.g.~.4.:ra.....le..N..J..F..M..~.g.......E.6X..K$.?..I.N,..w&t`".0(;8......59.z.!VI'......r...0.s....%?q..W.m..v.%:a.7>M..=!G....E.x...5r.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):468
                                                                                                                                                                      Entropy (8bit):7.554410421716937
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:InQuXkOJ9NRT3oAbq/9x7rgFAtganioTE5ActLlVM:IpXTRSHHSloSttpVM
                                                                                                                                                                      MD5:6D6D66EA7EF6DAD1EBD535615E1469F9
                                                                                                                                                                      SHA1:AFCE6087CF5FFA7ED03175A757CF367A1A2C2A2A
                                                                                                                                                                      SHA-256:F2D8686C40D14F8C2013253A367080DD64820D4D1C14C6A3DB8A21FD3C567154
                                                                                                                                                                      SHA-512:2B44CF3B3ACAD752D62EEAEC4D46A0E2D72F2F2BEC99DC2C786D2FE99169EE3F4D4E9CAB9524260512EE781CBFB5F514E58B6B26161D2A0833E78761E26FBE16
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:z.k.3.&.CT..h)L.C..G\.W.pX.=vQ....H.z......%h ]3...+...{.....4$.e.E...I.C.A.j^s.P....&`.mA........t.R..~f}X.....Yu...;.X..W.k2.qp..._.Y'.q.....F...%`H?.....P......<..B...P7,.m.#....'>..FZRma.w...9; ..*H.W.e&..Ti.q...}.f...:6<}kY...;lPu....pO.qh.t`p.0(;8......i*. ..~|. d>..NwTg./;!Mz.Y...}. ...P...W1fr!.....4.,.2I.h...q.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):476
                                                                                                                                                                      Entropy (8bit):7.499476964478482
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:cPXQUZ1G3E8DQLYY4OzXKiWc4VXP7ts6X7ganioTE5ActLlVM:pUZk3eR4OgXzv0loSttpVM
                                                                                                                                                                      MD5:21AE026C26F6712D76A98F2FE616A2C4
                                                                                                                                                                      SHA1:01BE44CD1DE64A76DC99082F643F2DF6AF7E5DE3
                                                                                                                                                                      SHA-256:2CC8E8BE9CB571CF0CC31DBC55A5D79A860996B5640DFC1D21C2304BDB6F7E79
                                                                                                                                                                      SHA-512:76460374252F9DE55E4DA367CDD5F2F4803261A81CB815A764164FA14BFE6202C6764F4DB156E7D0FB1B5E4E46E8E7F35857149D8FB38F7490117A6FD2BEA697
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:t..#.`....].9.q..!."..by$@.z..%B...w(.{Vq\..v....E+@*.E...w~my...u.~w.........7Q.p.....U..=.......K.k..#"7. ..K..$.W..A0..=......y....3Ey..... .f...+B...J..Ie..z.....?..:...[.p...z_I.......P.7... .p.-........h..Sg...v.k......E.7$......_.o..v..Al.t`..0(i8......6......S.L..^...b......V.i...p.|.......`.e....A..&$6.<...........u.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):463
                                                                                                                                                                      Entropy (8bit):7.5286547842036535
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:h25/RowBy9lrpgoAENzQo+7mqEprvtganioTE5ActLlVM:U52wBy9ZAmqaqLloSttpVM
                                                                                                                                                                      MD5:D703B045DBFA6B4DE8BFC4E13F0FB5CE
                                                                                                                                                                      SHA1:55B20C5C9F0CA1D8F317EF109F92CF7D86CC9F2D
                                                                                                                                                                      SHA-256:D4B8167C7019E57C754D363436087B04E48EDD33A720B658CF3A0ED10E6AA5AD
                                                                                                                                                                      SHA-512:9DE4D84E6E0B0EE0239E5189B46642270276517E4FB73E8F1AAE4DE13EF403364119803CAB89BDD3F29454334C9F1BFC6424DB93210A6ADE2386A72E3B8E7598
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.z..c.T..:E.@.8......6-9.0l`b..L>.w....g.Op.v..EJ.....0(.. T..v.O.y...>.@.....fbP....TQ.U..2|Gyd...K68..i.As..G.3...RnM....&...hK.....r.f......7...nS....`..7e.^et..O..~.:d..z..hj...e|:&.OYa..3v@QJd.m.T...v.h.....5j}8Y..=t.......s...u.U`".b(;8......5.?.l.+S. ...{.L...Ofm...-.Xuq..:....K.:...#C.o.t.......a.....Js.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):456
                                                                                                                                                                      Entropy (8bit):7.524998171232426
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:5a7qptH8mPdnF1Xt0DmXmVHWXrfH5PganioTE5ActLlVM:5a7qfbnF9LWQXrSloSttpVM
                                                                                                                                                                      MD5:6E97808B69DA70676945474B8FD9A9EB
                                                                                                                                                                      SHA1:186410393438E11406CFEE30E1A38D6507C72D68
                                                                                                                                                                      SHA-256:27E71DF9148EBD528FD52D9FBB77D0C3F8A067C4E883E35D801AB97D8F6A48F7
                                                                                                                                                                      SHA-512:99B6D32E29E4CEF3DA4F50B800AC026E55FC8924102F12736E52EDAE5E538B3B1B1C7A4D14E2A1021955BFB83B54E3A86678EDF821ADA8967E8E064D264D1534
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:m9#`7..s......5.=.....b\...:..O.\.X..~..;.m.@.9.Ew..=.^;..}.=...y .g?.bK...x#..E.s...a.TTh.D.x..YZ$f6......=.9..=.,#;...#.3:...c..%.L*..UD.... ..#b.......},.T.......Y.=AX%.7..K.........gj...O.;..+.n.......fdX..y..,.6..7pb..sw&t`".0(;8......57.SjH..<...Y..u.1.........>..o.....A.Rsr..+..b.=+.}{...Z.X..-r.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                      Entropy (8bit):7.57302190617715
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:jEUk6aIMA1e7XcnyRf9cgQ3rIeRg8P/gpkganioTE5ActLlVM:jvk1IM9bcyRf9wU8g8P/kploSttpVM
                                                                                                                                                                      MD5:4D23CCA6170EB6013549C1AD896BFAB2
                                                                                                                                                                      SHA1:64051AB5266FCFA1FA33E96F8D169C8AF82AE715
                                                                                                                                                                      SHA-256:A4308682BE6D43D7D037637E304C9E1E6E75C424FC00F8109F15BC5AF76C3DDE
                                                                                                                                                                      SHA-512:668B8E133EF20D31B165BF1B85632C8A415B47099DABDCC99D84FBF6EDDE22430993F5239AF76DBC6DF5B0D778EE330DA9BFBB828B552F1D7935757840E11562
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.J....*..l..b..y.u*..`!.Z..H...A..."..'l...... . ..7..q.XH.r..a.gTze....}i$M...>..aun.z.y.c.)....r{..p'.....oq`..\.<0...</MT.*...*.].5.....LA..K..}.XeF(6...>./..&....".........;.....'(..0.>.V.VU....Z..$..[2.....CCkr..._<..5.2~&..*.=..6.;6kl.D..K..=..fp..{sw&t`".0(;8......56~Kk.,.'AQ.......I.,....+3.=..A!...o.lv..!..Q.....o_.Y..8..r.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1683
                                                                                                                                                                      Entropy (8bit):7.883288626030772
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:gHQ4hzizg6MUZ460n2340LjKOdeexw011mNz45V/IUgGVCqoe1Ow8UoR53bEloSU:gHQCW40PKrgw0/tV/1D7oJRtbAtre
                                                                                                                                                                      MD5:D9765124B4837294E2A88B0BB8E1A389
                                                                                                                                                                      SHA1:01E43C540789AD005088824F3F6CC4D65A7AAC7A
                                                                                                                                                                      SHA-256:0543060898A9506FAAEADCBB8E30A197A1563A11C04935E5292D32F534651A77
                                                                                                                                                                      SHA-512:4352C9581F51C5CD79DA3E64838F8FE939F9791A1429FF5A8C57266F6FCDA37F25433045B7CC8E0B236E1B9C1BAC96716C0FF61CB0FAECF3E87CDC002A441D88
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:a...`.MC..^...Z.n[..C0J.$.....2...@.7n.....%$...$.4N..p..}vMg.... ...7%1.`f].BH.6..`...W-Kw.v..Fd.E.9y_%dL.'`..s..ld...z.y.S..^....G48...p....tzn4w0..a......'V..V,.K....LJy..6...{F*hm..H....(...D%...o..34"p.........?..90.Q..k.k..`.%.._.N@..Y@...d...\fJ$;.....Y.]l.?.MCO...>.i...W!y.i.W..a*D99....*h.z.?..3.......)....fZ..D......k..:.|.)W.r.K.uT.q.gE.].K...<1^3.J|......... RW..;......u.OH..k,)..r...#+l...Y.Q)2..S.H.9.M...9..O......5..Q.L.TI.....-.'..8.i._V.Fqd.j..@.I>.<x.`>y.-.T..j...{.GT....V.8.......9.1{G>*..B.h..@wXDd......&../......l"@}.....>.;...Hc.r.\...;s...6......A..8Y.c\.-.@|.G.W.....[...h.fC...DI..%..+.......Nf..@3.0<...A......:.wm. X..G.m7.l..).D.....r.h...v..s@....<#.x.......`_?.G<.2!.;$sp......{....&.>*r........\.l.z.3$v:8.../lJ.sE.xzz...+.K.wA..?w..xO.-...ln.|.vY...).&f...Lx.^..)1.>........./.F.v....>...uo+ ei.e+..y....A...U3...;.V.....h.9.k/X.n.%.....29..dZa1.Y...w....7w0....Z...,......?......o..Svx..pq._r.......U..+=..|.,L.r..R..'6...R..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):253
                                                                                                                                                                      Entropy (8bit):7.111678444215179
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:m1A2GGIHZHM9TLiiTXgoXnLYgko2WEKqFCKZRQeEClVMn:cA2cHeganioTE5ActLlVM
                                                                                                                                                                      MD5:0E2EC47FA06BC39F48BD6C6E246A104E
                                                                                                                                                                      SHA1:649294ECCBA9E0ACFA6676DBED8B9B3222F33B97
                                                                                                                                                                      SHA-256:D61ADCB44C4FEBCF90DC5D1F02E657D2BAEF61E22357701B30C68F5B2E76904F
                                                                                                                                                                      SHA-512:EE112672ED08C4A9E3D91ADF6082F0D75AFE28A67F3ABC645A63236C05D6B36BED38EB395020AC9BAD2C7F9CCD3C8D5E071B516D8B166FED5C7F6432942EAED8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..Kc.D..!u...X.;..za.n...!.;......sQU....y5.;.../}..qPsEU.P5+.K....&.n.... ..Z.].u.U...d[.....:..bP.E.....n"_.n....._.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):291
                                                                                                                                                                      Entropy (8bit):7.252924774133789
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:UHPAvdZrTaRJB7QHxVHmQQoXgoXnLYgko2WEKqFCKZRQeEClVMn:wgdZr+l7YSQQoXganioTE5ActLlVM
                                                                                                                                                                      MD5:13AA9E8FBB2EA514DE43230FA816240B
                                                                                                                                                                      SHA1:6970BDDB2F1974FE1387494D4C62206042CD1770
                                                                                                                                                                      SHA-256:06D907DF50DA8C8EF0F4F0FAFD06FC77B7AB25F194A1EDB0A3CCDE87C964845A
                                                                                                                                                                      SHA-512:C22D6CD6EF52A25FA79C03FEFAA672B156F24BFC66D00295525BFFBF3C30C115611F0F2541B21A5F112BF52026209FED15794FB1D1967699E31776C63A6B9889
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.:.t.J.0V.S...WT|G..|..t.H.!.N.:..O..5Y.P3.m.q..'.:.....5n.0@.......C.../e..q%.t`".3(;8..G9..o..F...?..F...~...LM,.6..Q..`...ezz.....d....(...Y...q@.m.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:COM executable for DOS
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):253
                                                                                                                                                                      Entropy (8bit):7.272268129919092
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:u0r53QhGIOuBCd6XgoXnLYgko2WEKqFCKZRQeEClVMn:u0t3COECdwganioTE5ActLlVM
                                                                                                                                                                      MD5:52B9BB163F98A18457DEDF1BB8763AD2
                                                                                                                                                                      SHA1:ED553CCDEFA676779902FA5F8BA0C7DF889DE898
                                                                                                                                                                      SHA-256:B2D794B3FA4F96D41BB1DD225C21278B5A6F17BAD51D0C4F009EE0DB9CC46AE8
                                                                                                                                                                      SHA-512:EF6BC06E0BB6FD90324E729389ECD175F667D1177C32C24C4001E3F04B85856454A80DCFE35F5B6EDCC8F71264F6E8516245DD43545527917C4529FD36BB5EB6
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:..]?Z..\M8<1...BT.u..$i...!.;......sQU....y5.;.../}..q..B..d3.E.^.)...}.r..vI.A>"-.V\8q.UwT.u..p"I\.a=...%.G~....a.(_.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):517
                                                                                                                                                                      Entropy (8bit):7.569727048770877
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:zFKsggMJv9Iw8DlsXP9BxnrPOZAkmg/HqS6Su2QOXganioTE5ActLlVM:xKs3wkuX1BxrrfpLOwloSttpVM
                                                                                                                                                                      MD5:5B6D484C9BA2BE39F0C5542D96DC13C1
                                                                                                                                                                      SHA1:810A75E1AEEE75C10D6832BA383F8F0AB66EF410
                                                                                                                                                                      SHA-256:47F564324219F4D8E258780BF6DB24D9E18F0174487008E951625C3FB6EA96F6
                                                                                                                                                                      SHA-512:C150DCDFADB652BBEFC1C5A41258F91931D7168D49DADE40EECAA1AD7B80B1E3748B43A71002BCEF989156973966D9FF447E9F888721E4D6906196DE66978540
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.e.X.,...~.].#..-5....xe.'...i......U.|..A.9'....Rw../".Q...o!%..Q.a.{.... .4qH2.9.0.m.7&.,..!D.....5...t.._..)y..ze9c/..Hz.ni.#.;.@: w..X.&9....0.Gc..:....._\y.Q. [9oB.X...l..M9H..$.2D$\......xo...U...5........9;Sm..l..XL.....O.|...hs....!+........p~..W..r.^...qb......7J._p...%.....t...8.s.U....z5.;.../.......3..e...2'@.B....+..:.d.j....t.F..P4........*.....A.sJ[.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):525
                                                                                                                                                                      Entropy (8bit):7.590154705369616
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:QWyAsiqgUZqWjZsPjQC0EMJTtyC5f7GganioTE5ActLlVM:QWyAigUZ5jZsr9x0TtVloSttpVM
                                                                                                                                                                      MD5:CDF017CDE2DF6C59CA42EE723EA0408D
                                                                                                                                                                      SHA1:FF624ABE0CEED8F3F173063778CC993122548DE2
                                                                                                                                                                      SHA-256:D71D1838750D86E862B12F631E731903FA85396C97AB697C0B16E507ADD7BBB9
                                                                                                                                                                      SHA-512:19947710ED3CF8B3D394FFAC1DE739A719218296EC1EB6EA330E938CD08F5E1812FF96EFFAB58437CE411857116A9649A436F5CE8C78C86B2EE5CD80C778A361
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...c3._.H....~....Q}.(..<..:.O$.@.FF.]..GvY....I_..z..b.:..4....&....Y...M.".r)..!......k.Z.n..2..=..7.99.7....$zAu..q....@...........%.......ahW`.1..6....+...g...mT.Gw.g.Q..L....6.]+G..>.......jr..!.....,.9.jW....=.Sn.r.;...?..r..^.,:..>.(uw...7.$........_....+1......5%.........T........y5.;.../}..qt.t`..;.].(....g......v..#.2.T.A.Y...$.L.W?...<..g..... +.../lc.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):248
                                                                                                                                                                      Entropy (8bit):7.15351717720023
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:YHV/l+cdakOwBQTklgoXnLYgko2WEKqFCKZRQeEClVMn:YHV9JakDBSQganioTE5ActLlVM
                                                                                                                                                                      MD5:7A4E29D778EE8C802E0A40FC7DB851E0
                                                                                                                                                                      SHA1:94BBAB976D8E75D7F4321A98306AA614229C3F9A
                                                                                                                                                                      SHA-256:D7CC0BC68F2EFF685A32725D342BD0FB1F0D663AF51E81E8E6E6C9948F04A2E2
                                                                                                                                                                      SHA-512:90903E3407BA853546A53D93D7F112D5ED594CA5E84D5244279AF1FC0A792C3BCFC38831A2763DC794AD094F9BDACC16035D65CD1BC34F2DBF2DC01CF9A0940F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:~.LC..n*.2.C.r.*......G.D6[h^U....yg.;...,~..rw.t.aH...0....?....5.!..Z....<jJ"7.._..0.........a...I.{./G.!b.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):561
                                                                                                                                                                      Entropy (8bit):7.595236710799274
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:qKVPkTR2O7B827rzp9x1+DUYSIOBfQkmg0DAXyx0TWganioTE5ActLlVM:qssTv7biOBfQfFDGoonloSttpVM
                                                                                                                                                                      MD5:A8B568249CB44C528938E642AB8A8DD8
                                                                                                                                                                      SHA1:DDB786DF2A30735D3610494E7E33D89EB5D85357
                                                                                                                                                                      SHA-256:1B8C8500BEE5EC6D996F4453EF77ECCD817E32D32B2F25C1310742F220A81479
                                                                                                                                                                      SHA-512:8816D7978FAA215B523FFFA43CD23872C6BB1AC42AD409CA94955C1AF5E43B0564CD95339D4D71E54892BF77C7F586FFBA06CD1B7F9955CF8249DB59040433C4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..b.....b.=YW.....7....Ru.H...v.".Xs_...x..4mm..ED...:j....^Y9RP..~>y!....y.,..R.....E.7,r...:..Y.9.$YF;.F=a.I...Q.<.r.e.....Q(.Qd.V.9....Y.s.M..%H....V...b...P.u.....A|s..-#}...=.Z.(..i{..U5g....3..w..(..XR..Ydg3..G .O......W.R...AAtd.....g..x......_$."..U......]...V.'....,.[w.>....d#..[....:..X&..`2|.J,l.e.<K.........z.%.....t...8.s.U....z5.;.../......b..T.x....F.i..g9...c...\".......[...T...>.K.b...w.V[.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):569
                                                                                                                                                                      Entropy (8bit):7.658369900740803
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:7ifNjyfYS6VNq0EHiW/KLfZiPganioTE5ActLlVM:m1jBq0EHPKLfZlloSttpVM
                                                                                                                                                                      MD5:C4713E849AA8BECDFE62B2FDC2AE0112
                                                                                                                                                                      SHA1:EED7F3D8DA319951851CE7AA3D400ED75BE52344
                                                                                                                                                                      SHA-256:D08DCB90DCEC2EDDAD4AED7E963B2C38B59F7CFF3D2FD168BDC0F4B9AC0DF2B1
                                                                                                                                                                      SHA-512:5ACF344F5B51667E58E2630C8C24CE9F9C71A8F9F731287D203BB40E6CF7EFB19738A262F8C2B69994B60E73D886675076ACB080BFADCE54B051A358A5D80494
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.!..z.V....P.7.Ja.X~.Z..`.....j.1n..k....G5|B`[.......OMr....M.@.,e..A8.8.K.)..W....5y...^......s..c...3"J...K-dl.....Q..O_|.Y...B.GQ..u.N".2*......O....%..T.d....)..^(.X..b.=.fE.....v5...#......#.OB.s....9...d....9.'e..U.7..\...V..J.4,R...%.>.I...5...D<Og.~....H.j.=.c....^m.^..o.{...W.4..u.Z`......r.$..,......w....8.i..i%.........T........y5.;.../}..qt.t`..l...p....7.;....#.d...SxAJ.ZL.K\"-..a.=.#..Q...&.5....J.......c.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):283
                                                                                                                                                                      Entropy (8bit):7.26676874455902
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:ohKOa6CrsReJ+RMr5jtZ5UvexgoXnLYgko2WEKqFCKZRQeEClVMn:PJ6oeeJ+RMr5jwexganioTE5ActLlVM
                                                                                                                                                                      MD5:DF1EE4EDF09ABDD4387CB952646C7516
                                                                                                                                                                      SHA1:D57FEEB8A64B24570A898C400870F5A91CF3BDF9
                                                                                                                                                                      SHA-256:2477845FE52C448CC0120C83CAA78992935148CCE3C5FEF48B6DE773F30D35AF
                                                                                                                                                                      SHA-512:3E7250E640509FA136D15D2FCD3226FB02296E45B3F0709A0F5FAA0FF173E9AD92996116EAC29F90C0EC13AD1E576D4E1B1430EBA647336F2D80E511ED5B5F4F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:Zy..v7'M5...=.b..qB%.@..6.-._..3.J.@.Y.$.........}. ..$....7..B..5~..#w.t`".0(;;....\m....$..^Z..&N{..l%.22....8m.M&..c.k3>p..<"~.......<.]..l.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):731
                                                                                                                                                                      Entropy (8bit):7.735072466695751
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:85yKawqUN7cZO4wsPB7lnIXWx4cCN8zxQA7NX8xqQQFmganioTE5ActLlVM:8gKawqE7VwB7mNcCN8xQA7l8xG5loStq
                                                                                                                                                                      MD5:25646CF400E080A03CA7C78515AF8EBE
                                                                                                                                                                      SHA1:09D037A13BC5A4908B29669A15825A05CF953CDF
                                                                                                                                                                      SHA-256:C73602004F83C028C693D0EAF9E82905247232D082A5AE0C8FF3BC142FAC91CA
                                                                                                                                                                      SHA-512:9BE01EE29B18A65F938013BEAA2F6422980F52729E00DBD514268A64EE0707A44ABAF26A3CBCD7F7704F3D59D9D96FCAE8A668FA0C246FB9BDF4BA6E3729F898
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:a..e...aH.w.R6.f...Z.o..S.G.....f........"......%...~..C.7..........+v9..>.;./.x@..F.....6+..{.....X.T.H..b.d.l./W...}.}....\...F..._...XN.^..Q.R(2.`iV..5......p....%bFG.......f...Y...RJ....1.L..P.#ll..l.....d....g..-..cF.p.. A..mZ..g.....w...O|gI6]......<0.!..4.$.8......S.K..o.v.i..iYQ.W....B'I.X.4..K...0...#..K.uG...1..g........&`...,q.5.....~......8...A...\{.......%V=..g/.$c.(....y.....#...d...F....-hn.....\.2X.(..NT.}..om}|`[:,@'p...;...H.r[..>s....q....%. .<.....h...0$......QC.&A..qh.t`p.0(;8......9.E...wY.....iI<...z....{J.t.2.U...s:NF.y...M]....V...}..e.~.q.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):283
                                                                                                                                                                      Entropy (8bit):7.254366712741612
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:+JHU678UmeG5J+RQLSH67yrgoXnLYgko2WEKqFCKZRQeEClVMn:gKJ+RSSH67yrganioTE5ActLlVM
                                                                                                                                                                      MD5:603A70D783CF4B36EC30557E96DB9BEC
                                                                                                                                                                      SHA1:10D35BC09315059F4AC4A71BC564FAAF72B1A019
                                                                                                                                                                      SHA-256:332285F4EA4C864A2DBEBE9A249C6D4AD72F2F265EB5DF455A78C42E0EF0C186
                                                                                                                                                                      SHA-512:120B29058FFD3E6F57A6F826C69B5F3D852BA1421194935089FE97A29C394C857EA246D2D607D4FA4297CD5149325F1F0B09DBC5144537E53C29346B4B11D610
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.^X...,-Tn!../|...,.Jy.2.[_..!.C....l$.........}. ..$....7..B..5~..#w.t`".0(;;..w........H.z1..u}G.HL..i.....oP.......K-.`..,.$vc.l.F..m.wb_.Ol.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):20712
                                                                                                                                                                      Entropy (8bit):7.990371359871417
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:384:M1PVAREzKtTLz/4gITnv9eiOxk5VozgucsyS2uS6JBAN3C0Mdoc9INjW1fjlli:aPVyEGZfar5Vo0mMF6JeNoOaWUjlli
                                                                                                                                                                      MD5:63505805DDC3C259D2608BBEF1A84B5F
                                                                                                                                                                      SHA1:16487209513799F1E6760B0D731D48503C4A67EA
                                                                                                                                                                      SHA-256:B0AA4F2E7448470616101DFF15E1E3EE4622B2035376C76C6D8C38D4166A261E
                                                                                                                                                                      SHA-512:8B0291051E1E9A74C2AD4F44F4B308C491550821B1C4C3DDD572E94553953F4E4E1BA1FB9C4599496305DE4328C1CE257FEDF21F5EE07E74D7C9285B192CBC37
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..T..G..Y..G.L..U.Lb....w.....4....F...|X%..i.....Y.......X2.c\.nf.....8....$.`..!..a..h.<..~z..G.[v.<r.....Z"....P...F..Ym.F^~...3...0_..z ........MIW..B.A.a...a,E..zV.#.q.{..b.....D.AMV....+..........z.:[......i.^_J..a..|a(.-x.....j8..-...B.K...OZ^.DhQu...4..../...w2..h.....Q....i.7...Yl.I......<.....m.cgx/........;.6k.C{.p..v...x..|...!........s.Y...5%....F~..[Q.4\t..W.4?qAf!>V.. ...p..EI........f+.......|.N...R-....H...u.`..1U&^..&...$#P...Y.p.7.,b..m>.E.......".i..h.\..D..W..Q...P.Ii....`..a]..8j..9.E'.e.~.....K%..I"..y.1B.q.....k.+..f..ki`.(..R....!F..nKD..4...+.DX..[e...ssTp...Ox...?Q.....Z .")]...Q.'.x.uNoj)M..o..+...]>lW.4.w`{...m?.~x....2a.V.O9..K.0..M.j.W.}..........1.K..:c!%u.......M.bet..~.....>........H...ii..$x....pq:.....d'NA.qgi.i%.....K?!Dj<...{.....c.C.M.t6..EFP0..A..7Q.?.R ....C.+Y.V.T..W,..n...).iD.X....C..s@yUc..zc2..+.!t...!4.?i......C...&..>........M...Dd-.....m..,J:...P.j.0.QY...s.'.(Q@....Q2..&z...9...O._.$...Px`
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):730
                                                                                                                                                                      Entropy (8bit):7.722915492255478
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:L+tjzG1pxFf9uYzqikxNUtcHGu22A+I2agvn3E1hZyN9Q3BXganioTE5ActLlVM:L+tjzm9XkxNUtcmu4+IAGgewloSttpVM
                                                                                                                                                                      MD5:C34FC1D82563790514678209BEA4BB6A
                                                                                                                                                                      SHA1:20604748E0C5262527CAC5086EDB1807C5A8B0B5
                                                                                                                                                                      SHA-256:B7DFC144B8CF0BBF4A95748CAF2F741F961D54617A92A33988568435770AD21D
                                                                                                                                                                      SHA-512:13C1DACA97E7A22DAAA4B5A678C4374FC7D0AC04CD245A56FED91E38340FBC04AEEC4EE040B9EDCF9D25E6D89618FCB51F37F250D7779E655DC9619D6EBEBB78
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.-...[-/.S2.]....!.v..vo.....@.......-M.....H;7.-.K[.,..1u......c.].....`...#A..fs.U&.P.K.......X./...[)<O.....i...s>....Tw.4....l.7... @...wc....|.k.qF.5.*`.f........'......G~...?.........'.......ZE....>[...D....Y_.MB.-...3.S$v.}4....}E%.......5J}.`...iu.n.N*......v..[....1.t.`.M`.4)..........d..7.Y1(..._}.....L..{.[I.....s.]D..P....t.~...7<t.}Qx3..(....b....'.........NZ.r2.9.4.p).....z...!.U......V6...w.#q.6.1.^A..Q.'@q.,...f.....t.R.w.Q!...C...&8.8...'.*.+.....J...u$.<.mF(R..b6...]$,y.2.2(.8......6............].9Z...JI...?..JBZ..G....T........SX.T.".J*...4Ku.u..1.y.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37113
                                                                                                                                                                      Entropy (8bit):7.994960981954541
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:deHzwO1AhWNktkadJGXt/aLBJkR5jSI/2V+wBgk5B2e:dHMiWasXtCkTG3F57
                                                                                                                                                                      MD5:E841D9527B40C7F2F2B39EFFE7FE5CBD
                                                                                                                                                                      SHA1:A3E5EAFAA9A10D03037A4039926D473C0AB82DA4
                                                                                                                                                                      SHA-256:2C9A6E37A15FB9037689D22ACD3BF2E7608612A5633D3F05D88192BC88E6D6ED
                                                                                                                                                                      SHA-512:64EEDCD1F6BF6CDA6A127C61B1C838EE70B02EAF7FA889FB43A0BDFCB4024A021E4FC7B5F29EDD17459DD58766A3A3FE1968262B0012B544CA67A01452E11C0E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......UY.7.h...ra....2.9........<].tNXk'OyU...m<...+......O?....t/.......U8.E k.F.(....c'ms.Ao&.`..B.#.c.Hm...eW@nA...K^.h.f<.a..7.$O.^....N..o..k..6}.[.u...3.+,.....{t..M$.D.X...ng......qH.@..."b...\...F.m.I!...T...:.....Tr.........K.m..x+M.gC-....i.R...2....Y..2.....D>.Y...(4.6R...D....'an.V..+pY....Y.uH...e.:0....l....W..@..S....O...S.h.........l......6...p.Z....e..Qf.7.9p4#.@.A&.....7./c[{~.cv....OnU.k....~K.GBz.t.[..g.....i....*.7|..FK..7F.d)...`...e..J..-....R.......Dy....%....W...;......]...\,.$.Y~'......!:9)..........V.c...|.5...p.K...4Qb..U...g....W....$R.Q.`Z...r...\.h....}..3X...FdW.{.....k....Q#R....Q3.='..I.I.e.....5.....p.z.M.fh...Sy].S...[...y...c..|...i...o...y.]....[:P.T..5.v.....x.h..y.K.%.L..?O.N..6l._.#.......v....E\.3.....k...QiR.\....}..2@.x'...........e..[..s*...T*.p]...:.{......2F..IYOy....QW2....4..,A..I..Di%-.".f....a!c].8.L....m.....o.Y+k...._........u..h0.O..25 .u.......P..X..?4...h<...(w.W.>. ....h......
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4067
                                                                                                                                                                      Entropy (8bit):7.9519191035849355
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:0xCI8jRGDhamocw7YN4sMQU/5yRMSZoWIeUtre:0xClRG99o5sMQA5eole5
                                                                                                                                                                      MD5:AE6053FFD1F694ABBE286316177B230D
                                                                                                                                                                      SHA1:F76BD52E357426332F61D4303DA7C378F974BC17
                                                                                                                                                                      SHA-256:68A5BD1EA7998CBD17C5DBB340AE96BC965A709874D43E69EF788B62283F3031
                                                                                                                                                                      SHA-512:D519173D9FA3060D3680C6F5CF1EFF3563AA60940BB5FEAB0E3D0AE8CC662705A039217A7C1E4BE04DF9E30881FD7B01459144D583A9B3B50BD7405D2B844F7E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.n...,...5.J.{..@O4.0...b..!...O)..Pw5...4h\.h..8.CS...]b..4?.I.(y._.9P.{.W...:..E.=....S..[.^...@./D..u...../.. .M.F7o..r..I........^..}'.....s .........q..;S.V.O1..q..@{.....2O..T..E:d..J%B..XPcZ..<{C{(=<X3...-...5.\.m.....FDWl...e.*...9...~z.....&\#...F...N.x....P. \..E]%...=.&00p..#..f..85.kc....J..B{.-.`.m..N6V...V.P.N...............N...DI.a.~Hk.S....H.5B..A@I.l..'.x...e..{..Y.U..K..[.W..?S..J?.-..3`..#.P.4A}..PT.K...[.nG....3sn...o....H..e@xO..O8....^^(Cg...#.7&.#../.+.z...j.x$J%.d..{.k.g..Z.......8.._~.{.=......q.8..(.L..>c...,...lN..;t.....r. .E<.R...TXE......U...v.5.....d.a0..ow`..@......D%&.t.L....q.d"N.Q..b,....%.A.*f...._..w....8.. .......A..-O.v....M.._V...Z87...6S.s..........bw.%.=.a.g.a&....`9.C..kmM..g.9..LG........_..M.z.I>..7..K...L0..]O....,.J.ck....]=1..$i..X:ZHb.e5........:..RD..kJg...>A.@..-..6.V......S...B...:....*..6=.......... .g.H..t N...g5..:.Ni..E...U..\k.|s>..q....f.,....`.-Z..,Qt.6...Ph6.Q......B
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):248
                                                                                                                                                                      Entropy (8bit):7.125212540068556
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:81PIE+cfXq+mXZElsemgoXnLYgko2WEKqFCKZRQeEClVMn:oAEbqjJMmganioTE5ActLlVM
                                                                                                                                                                      MD5:B8091528C3F5D8725B356037BAA96CC3
                                                                                                                                                                      SHA1:74570F722F0CD5CDA43FBF5C6A62456FC37A3D17
                                                                                                                                                                      SHA-256:9700F54E783F6D1530E0A49A3B6A61B20FA0CA0A46E807356792989D9AA6A3C7
                                                                                                                                                                      SHA-512:9ED49E9E6C2637029EE578FF978F993568C866D11A55E5BD8F97ADBBE2EFD2BB0FBA9009B2E8BFF5E299532070EB4B30A6E045C776103C2487CD74CF398C6EB8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...$..A..Z...p..*......G.D6[h^U....yg.;...,~..rw.t...?.....T.t....1b~........>.4...y......G..?.f.wg....X;.L..b.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):549
                                                                                                                                                                      Entropy (8bit):7.680044889301832
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:mEdmCXgRHw7OeyHmx1BlEGUY/kmgq+Xe0XganioTE5ActLlVM:mEdfwRHw7tyHmx1BlE1Y/fT5loSttpVM
                                                                                                                                                                      MD5:12B239D30844B129AB4FE510497A55E0
                                                                                                                                                                      SHA1:D68CA82D8439D2E722608A2BD1C88335F9569F83
                                                                                                                                                                      SHA-256:FE802CFB237E1F4E3D9D5962B12B06BA9513985FC00FBFD19EA63BB0D9CB8C48
                                                                                                                                                                      SHA-512:CD87C15F288F13769B619AAF7D47F8A1ADD7913577D4101EA679182723DA4D6C2F0A4FAEEB0A955A84D3ACE70662A1ED366E3A0B8E775C9A4C862BCD30D160A1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:f9.'J#......-.i..N.!>...oX..*Y.G.?...2.,e....u....K/0zo...h.P..U.7...a:p..1.>l-..0.j/...|$.FC.|.n.q......F...ej.O< .....O....G....s8V... i..Y....`.?..S.....k0>uUT.^zl..v...|7.t"<h.ub...|.I........%....[........z.@q.d].$8...z.n.J0.....2L.{....Q.l......}pu..=.;.&...H./...oj..z...M.;@..'.v.L.T.}...)7.4B.R.%.....t...8.s.U....z5.;.../.i*a....n.}..........'pdA/.5j..'..K..Gt.6.........}.c.J...[.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):557
                                                                                                                                                                      Entropy (8bit):7.710067832678787
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:QsxjOUpuyrIE2E6mPKNy5l/zzBR/DCRZcwDHganioTE5ActLlVM:QEjOwuysa6mPKN4NzBUIEAloSttpVM
                                                                                                                                                                      MD5:B8770FCB7911746E2BD7CF28A863C8E4
                                                                                                                                                                      SHA1:B5F6DA952B464C9D2A2E142335CFBC6FC9407684
                                                                                                                                                                      SHA-256:A14D5F68A52A4B019FE7B184903A6C1DD5A13A9B7662CE9E017BFD3FBEA9826E
                                                                                                                                                                      SHA-512:F947ADA805A4E49DD566E37AA2A45FE998A7AEE2703D33D636AC3DE63039A1E075494EBEE97EEAAC5BFC30DFBA9F3EA98E5748C972C286377017A7C1F511D409
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:v..H...+'.0l...h7".8.\,o.O..Fb.$]...R9.N1........J./.5.........D-..w....d.U...cI.d...9..A.+.;$D..u.`.'9..../.R.:..M...hd..........A...H.....^.W.S.....U....`......l...!L2.,....)EL.m.RQ.CD.\. ....{O-Z...w....@.Sgl.../[|.....Q.=....M..f.6.p.D..{.,}...rv.I.ETG...bIs(.......+.u...B.....W....olX.=JV......E.%.........T........y5.;.../}..qt.t`....xX....P.....t..qr...../....z......j...p!`..f.n.[.cQ.-c.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):283
                                                                                                                                                                      Entropy (8bit):7.287034954783436
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:kfhP0J+RdoejHrj91L4zgrX/WmgoXnLYgko2WEKqFCKZRQeEClVMn:kWJ+Rqerv91+4XzganioTE5ActLlVM
                                                                                                                                                                      MD5:468D631DFA1AD5015101D0738E191BBF
                                                                                                                                                                      SHA1:771A14E616267E7B6CC0CAA2E28E4694A7FC912B
                                                                                                                                                                      SHA-256:852644132D7081DC260EE0F7DF673448281551EDDFB767478BAF592700EDFC33
                                                                                                                                                                      SHA-512:1FF86BDC13FB7E16E2C85500E8DA0BD8FADED7DB83282D335B3CB525A8B2B5DBF371D3B7BF97464CA99D13B4E1FC953B41AB804E9984C03414AE3EF843E66446
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:q.Q./.q6h..z1.3k.MM.....6..G.C$..W....~~$.........}. ..$....7..B..5~..#w.t`".0(;;........=...&.........}nW..Ok..vCN]........w...p/m.1...........l.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:DOS executable (COM)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):131313
                                                                                                                                                                      Entropy (8bit):7.998593127189002
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:3072:CvYDY/oV3WxsjGboB91wRBnVBBn623JjoPd39b:CYYTxUBcRBVOMJjsNp
                                                                                                                                                                      MD5:95F0D5E815A85A2E7F84CA0E503A8422
                                                                                                                                                                      SHA1:2EF103D2481DE0F0E2531C779257B0CE7CE7E594
                                                                                                                                                                      SHA-256:F67F370AFE693FE1BD08C6451FA6CCADF970E64D8D2887D80D71C84847CC8D69
                                                                                                                                                                      SHA-512:E4C7E15BEEBDA5105670EB8BFCF0B20916F15FF598BB9E61F41E53211A3FEB5E386B1BAA0E6667B6FF54FC7A91BE0A88AE610E7D8659CADCC21A77211E6CA584
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.X3.......'z.......X9..IC .}...[......M...(.8..(K1..D.....T-Q*?#Q>...y.99.;..'....."s...b.../>.2zTg$.r.....Y.......En_2%..j.NR@....s.TI^...vm..y.c...$rH/S(......cI.l.B.2R..=..f.sB |..."g......&hQr..8...../....U.a..E.-"{./o7.....#.S .c.>.c.i5.[D36Fd`Z.t..jH..}..g.(=..O.../...(.$.C5..*....x.,..'.t.G...Q..9.....S..P...H.]}kEP.x....er.>x......l..z.~h|.1`..".:S...C;...&9....GP.'.....<...q....]..'.H...tj.-.....f.xg...6=..P.e.DT8.f6.t.*\.....`.Wd..`?|....9..k.1..C+..=...7..>.....L`}AI....*.......<.v~?.P0s4J......W.f...fC..U...s.m.d..!.4.QC\..3..M..^.....A..Ns..7.."....5......]..a/..4...V."..(.?,$......h.=.g.Oa.C....n.'..~..n.'C.....d.`.m.7....sV.^0%....l..{.V..a.p....#.5l...~R$:ma. ...(<!.\p7.`..!.SA8...@.Bq.......w.>....|...jP.d..bK=..Gx..o.....Mn...%...L9.PW.`...p&z..Q.lw.c........_......Z}?..&.G7.T}..f...I..K<N.2Y..+..W+...\=....:_.?..<...a.T.8V.?.Y.K]H..n..V.../."oF....gdK........%..U,.x....n....B.O.1PN.$..,.)....dvau.....{...G.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):339
                                                                                                                                                                      Entropy (8bit):7.327337094351383
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:4DIa5A/IRBQxkjBg3CCPYJOz9DDiHfxgq0gXgoXnLYgko2WEKqFCKZRQeEClVMn:nzcT8PYJchw0gXganioTE5ActLlVM
                                                                                                                                                                      MD5:4117C8856DA5B0DE41418DD37B0FE4B0
                                                                                                                                                                      SHA1:23C5004D0ED87F084BAEC32A7E5AD150223D0565
                                                                                                                                                                      SHA-256:5C928EBC54654BD837AB99C495BEAD764CE64472317B428104D9B60D4C2BD66C
                                                                                                                                                                      SHA-512:5F293C65D91D0F6713F34DFFC31030CD877A38FE63ED3B6241329D8465544E354D50F3AD29070F8E274AA84209EA9AC3BED1C867F4195B3D185E4C9916A7D97C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:./.&A..q@s.......^{\e.f...v. .&....{...].jz.U..+..Z..J.EL$.8tVL...=.u^.0`.....~.y......i:/......$.=.Y..kl.....W........y5.;.../}..qt.t`..+.......;H............_..?..lmf..... v...f..>R...s...&....c.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):248
                                                                                                                                                                      Entropy (8bit):7.124303013902501
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:dsASkd+czsWAMHlHtzvRaFUmgoXnLYgko2WEKqFCKZRQeEClVMn:GY3V5lHtzWxganioTE5ActLlVM
                                                                                                                                                                      MD5:0C42FDD45A06EEADF985DAF4C73D0650
                                                                                                                                                                      SHA1:5CB24268DFD2FF6FBDD9E404698CF510F5E9E78A
                                                                                                                                                                      SHA-256:41EA72BEEB6AAA397C0CDBC3F8214350C84BE84ADCC92F172AA6AD1C23F848A2
                                                                                                                                                                      SHA-512:D6DEA82651B0A8F365ED1DC3FCF4EF2AF1D3141183E96E5DD00E13A4E20C8B818F980891BD4DE8304CD5F7751E23C3609271A67DDF91E19D3219EFF8257FE671
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....z.<..}....*......G.D6[h^U....yg.;...,~..rw.t.H...{:...\........C....._.....~...!..t...0.8.....S..t..|f..b.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):546
                                                                                                                                                                      Entropy (8bit):7.618730912344661
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:/U8m3CUFdX3pMKg5xYXWFWxGubfxb+nJcBdkmgqfV6XvnganioTE5ActLlVM:cnJXiKIxYXWFWxGubJb+nezfdSvgloSU
                                                                                                                                                                      MD5:9EE0619D94F57C1F2B2BFC9E6A57D46E
                                                                                                                                                                      SHA1:4CC320414A73BB031AD7D4EF1A7B3CF7B7F2CAEC
                                                                                                                                                                      SHA-256:7D81C8799393D1197FFF1B882712D31267BC8E1104EA2CB5C6660099A1A2E623
                                                                                                                                                                      SHA-512:56DCEC9642A442EF8C586E1BC174123DD6965C781E3B9DF93BA382F11DD24E8C8633DB380A6B01230A91E2A8B1775FC68C50AA1CFDBD0E1FC256BDA5B1E8CF89
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.'].cp....[y4..^..`n.....C.~........ ...f3.A..xE.....w..<Z......I.&...........>w............#...;.>~g.....A(....j...TSh...^.NJ...[......a.l.O.!}?.`.q....>T-...KR92E1.....[....r..P;...Yh..f....t..G...Z..."U.s......J@...)bV.M.1...}...f..f].../....B89EG.i...G...D<...-..B..y......,.......\J..s.....#......%.....t...8.s.U....z5.;.../.....2..^...|..gU5.|...y....DM.?.....{.nr.%.).X$..(....W...[.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):516
                                                                                                                                                                      Entropy (8bit):7.583041174374528
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:0PA03GskebWvx8C9FZ22feucZWGc7NKbfyHmganioTE5ActLlVM:yA03plbWJ88Z24dEWN7wbfy3loSttpVM
                                                                                                                                                                      MD5:C4EBF89BD3B30CB9FD30D1F7FB378C38
                                                                                                                                                                      SHA1:D084ABF8BD3DA121E4EB74319430A9E7F325BAA5
                                                                                                                                                                      SHA-256:1B01D173B76A74831FB11963D815A4F4C9ACE0EA0722240695937F6F62E72876
                                                                                                                                                                      SHA-512:72B3FDD9C21F2F76087AA2DD355BFB0672FEAD0AC35D69F2F83C357552E4140CA8F914A2C5307DE7238C3144C254827B4D32D3095DAE9D1CB8EA1550435B68C5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:].<.'..F..=q.D4..$....b...y3i.T...dxxE%T..".e'.9.........1.4+.{j...D.!Q..uR#.,.l....u..\i"...a.+v>.\f.....x....^....s.e5{...[..4....G$1c..q........Ab...-'..v.3.....%G'~....mv.Nb....#....Y.*Xn.*...k:..yZ.M.E.......!.c..P@...B!@..>w$2.|.}L.@...tw.T..[..0.....cA_....V%.........T........y5.;.../}..qt.t`~...^....'..#b..T..3[....p... .Oy4G..&M$......T*W.h.Tv}.......Fc.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):283
                                                                                                                                                                      Entropy (8bit):7.234100502517196
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:EzcpKwzeqJ+Rg45GI4jzHBu1MxgoXnLYgko2WEKqFCKZRQeEClVMn:WdPqJ+R95lSIWxganioTE5ActLlVM
                                                                                                                                                                      MD5:41880289DE91D9826A1004536A5B8F33
                                                                                                                                                                      SHA1:3E96981F18E70ED7FEA1A6ACE286DA0D4528BD01
                                                                                                                                                                      SHA-256:9061D5CB78986ECCD31C90E227CCC26AD383860761F27C26ABC9A263D08F4E1A
                                                                                                                                                                      SHA-512:6448DB2194EBD24735D02FC3FF625A709E7CCF6F5C03A8308607A39E083D304B8BCD1A2B0921DE1218264967E77CCC676585CF40AD1B647745F2B5B69AFED8C2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:d&k.(KR....c..Jv.6#. .m.2....y.?s...Y^$.........}. ..$....7..B..5~..#w.t`".0(;;..-......{..Q.t:...-.M.lD{G........+...s.5.:...\..J..2.OP..l.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):393
                                                                                                                                                                      Entropy (8bit):7.515106417203492
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:IjBDVRKgwFqhJljb0PYJtjjSg2KganioTE5ActLlVM:4B5RyS3b0PYJQD7loSttpVM
                                                                                                                                                                      MD5:79032C698E18D78C11674771800D5B46
                                                                                                                                                                      SHA1:FFB31D438182EA3EECCDE0878F8C35807C50E8C6
                                                                                                                                                                      SHA-256:91C424EF99D8165FE937D1E9CFE80BD687072144771C88E6911A7DF5DB555A86
                                                                                                                                                                      SHA-512:F0C5AFF03844CFC3D4EA9F4A72540D93C87DF2B017DF498C21DAA04A1AFF8A98287495BAD0F5FFDA3946C9C800A671F62C6AB0A4AD1BBE811BBEA9B8BF11066F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:).?..[...$.g.{..dn....|&.:oG09.:=PL..\1.>....k....2.=.Go....9..#~...5;..........`.qz...?.p'.....3..-.h.....^/...0........%k.....p..,..&f^K...H.w.7.o.y..c.Y..kl.....W........y5.;.../}..qt.t`^......j.j.A.7d..gZ...A.%.....=....7....)z.D...Q..wU.T$...yB</c.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):248
                                                                                                                                                                      Entropy (8bit):7.064247155073548
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:SeXd+cwwPVvtargoXnLYgko2WEKqFCKZRQeEClVMn:dNT91arganioTE5ActLlVM
                                                                                                                                                                      MD5:E4DA4B7AD89209201EECB10C808CE44B
                                                                                                                                                                      SHA1:1733C01F9EE91DA89D2EEE741D8134B4D95FFF38
                                                                                                                                                                      SHA-256:F21923FBD682192B7B733FFFB412D807BE5356B7EF647887BD8C22DA7CFA1DA1
                                                                                                                                                                      SHA-512:20E4011FC00F18F05086D7EF7EBB0618CE79A28659288D258967144D970FE574C2518567FF301D063490266797E8024913BB2C5D89331781E4304DB2D0B1CF5A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...~.P<...gwi...*......G.D6[h^U....yg.;...,~..rw.t.....t..|k~N.....P.bg2..%....-.... A....^xg.-kU0..4.Le}.,..b.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):564
                                                                                                                                                                      Entropy (8bit):7.637928227736553
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:Wk9akcBNGc7MCupWcRyX8WcATig2kmgB8RS4lganioTE5ActLlVM:WoCf7MEcR28WcA+g2fG8mloSttpVM
                                                                                                                                                                      MD5:35327A634CCB9169362339F6711A5E85
                                                                                                                                                                      SHA1:E0135C57272DB1E96B7828490632F8AA129CE26B
                                                                                                                                                                      SHA-256:8141578076B3A88E58DCB220ADE2DC1AA81075F2CC605601B5A48F137EE5C7F0
                                                                                                                                                                      SHA-512:5BADEB8D7523119E7364F6CB6CDAE228F8889D09B4505A9658673BBE3A9CCB823459E3362EF4E898AA379D28F6EF34300116DCA889CABB54B7C339BDBB9AE589
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:\.M[...'.45..8.....H.V...{...f.o@.9~.c.,......+..$.Px.R.#=.......Rk.......u..j...R .&wpS.....5...@;....Z$...m...].R.....?...T..`2.....,.Ai..eg.k.#.F.&.$......p..NU}:..."..1R'...=E*.>.:.7....H..o"..sZ.j.2..v.j8..J..<....$]....}..3G9.....p\ST.......z.p..u.(..e....E..'...tK...N%.4.+.......T...'......z.......{..j~.........au.U[.%.....t...8.s.U....z5.;.../..2.w.4...0.~.G'..]n(........>...w........j..Y..x...{..1.K..[.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):534
                                                                                                                                                                      Entropy (8bit):7.612774725818713
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:oOA6t2EDGNIq4tAWLERUcnoTxXganioTE5ActLlVM:ReNIMHRUH+loSttpVM
                                                                                                                                                                      MD5:5B26535228B33B492B7FDED9E3C8EA32
                                                                                                                                                                      SHA1:D5728C36B4206C118D3925A4A68B95A8F46B726D
                                                                                                                                                                      SHA-256:19927A9D850554A0FDE8FC195F94E8E5F158D3605BAEF191E552C0B4CE4CA8D2
                                                                                                                                                                      SHA-512:E8081A33D9D22B9787FE9FAA758261CB5A1DD2652E67F27052E80D0EE1ECB79C5268CC7C220C1981A61D2D66F9694725BCF32B97FFC8766E3EF244B555CE7EC3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:M.=^.rBy...|.....Pm...+d...O.8....m..k...h.G.6}..h.....Hw.....:..B.1....m $#^+].=.*..c...w...7.[.%x...4m.>.L....D.P.I....p..I..M.B.....4....{.....8L>.P...<.p..r.E....L.T....f'.".5b....3.E..f9"T...2X....4{.W..}M.B...........0syg.@..h:e].....8!S./..3.w...m.U.......S.qK.c.~.9:......S.7Q.L..L%.........T........y5.;.../}..qt.t`E.....>r....x{...x..?I.&...xj.._.......(..<3B7..I.(?.T....n?..c.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):283
                                                                                                                                                                      Entropy (8bit):7.25565479746458
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:C3P45msJ+RKqO3904YlgoXnLYgko2WEKqFCKZRQeEClVMn:aPojJ+RKv5YlganioTE5ActLlVM
                                                                                                                                                                      MD5:16F56297411E5B5ACB250E3B1D201F1E
                                                                                                                                                                      SHA1:5BC90BE556E9CA290935F5522560C62B2FE57964
                                                                                                                                                                      SHA-256:AB9DC451EDA1AF1B7A4DF3A80B0CBD048B3796FE92EA04AA8BB40F958F9FB14A
                                                                                                                                                                      SHA-512:7BB4163A0A0404E445E7EEFC14848EFBF62CCFAE5A2EAB89FA15BBEC62A865292F43594DB16504E6C11ED6178662C03DAC10AE1C22D572A5A0A8BA0EA7ACDC3A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:V./.r.&.(..A...g1"./.?.B......'..:......$.........}. ..$....7..B..5~..#w.t`".0(;;...+.N...y...:M....5.z.....O...A5N..^..oi-.{....X..Z@.*9.i...l.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:SysEx File -
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):24819
                                                                                                                                                                      Entropy (8bit):7.992995601709544
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:Bwvo+44N+aFwDqnv665ozio5Uiy+4yUX7:cN44Bqqni65Uio5l07
                                                                                                                                                                      MD5:4690045CBEF6C1CD05D65BF1F50AE68D
                                                                                                                                                                      SHA1:26A8B0733F8E52D5633EBB6E783B8DD2D6E4EA03
                                                                                                                                                                      SHA-256:A0277015CB95BD6FD76AA2C8F0C26320283F050324E56ABA3B6AA4BACC1D7409
                                                                                                                                                                      SHA-512:4B2D24E31062C6E1FA03207092D3D3E8319DD778C38B4294332BB495DFAA728605C1501540FADBCE74076EB426A967FCF0B34D534C79D8D2B356A9CE722285E8
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:......E)p.O......jA.4.A..:..... ..e...<`q..f.-...k.o...X.....h.{.k...%...S...E1$z....O..D..I...p..Jewj.kZ0."....LE?u.W..;k......j...FK:...._...hF.S..Q..#.v.e.k=[EH.9..v.1.W%.c2...v3..=..j.. ..Z..v.K7.....EN....?..Z..hi...,.....7c...$...[C.2u....E..Bo..&..Y.N..,..G......;....fTH.....|...2m<...Y..{....p....h...H>...~.A.\.}O..Nic.=...t.tw~Kg.... ..........o9m...?"3.Y.o^.{..N.G.7....../.?@.`....(.x...@.44.fd..Pd{F..N.P....*.0N....R.ufS..J..&..E&:.........[...".c.bbIP.xu.|\.Q.....6.l.(H....qF.%...3...nXwjWK...+Y6..J.-...&...0.p..z.+.....`G....b..\;.=.P9]..!&.|7#.MUFywZ...h."K.*.lSs...W.iS.rw`..l.y.K.|Q.]..]\O........^.H..S..m....Do.._.X.pL....U..'..y.(..!7xN%.wAq.....w.=+.u.$...3...Z...'.1'...+..S..t`/....`>.A..|...[A@...d..[..uu.....Y......`.....tiE......nY..?......zy..!D......"..4..*..P.V|@=.L.!~...4..P.n>...;4... (...p...j{.].S..Ha......f...7V.1Z/...LO.7|m..&...u.L..-G.S.RS,........7.q...t.Ki.....(.'../......&..r.D[..^.i.....-.%g..r."..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):86254
                                                                                                                                                                      Entropy (8bit):7.998101516152456
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:bcrHKeIeaSSV9XF5qA9GGRG3d4I7IUCk9o2bPRGyF98zQRHI9x2O5QYII:bTlV9XbqrGR6d4M2kPbPnFWzWHk2O5QI
                                                                                                                                                                      MD5:748F5EBC567733507825548BC21B88B8
                                                                                                                                                                      SHA1:96BA96CAF4FD2390671ED29B6ACEC7ED4A89D2CF
                                                                                                                                                                      SHA-256:07A99EA5BA50764074CC9F96C905D000158716F64EB4A90E14722BED261C717D
                                                                                                                                                                      SHA-512:9608405910A2C804425D150A6CB2272695178DBBA4E9EC935DE12C233C1C62ADA8839D7080414AED11B6FCB846AF4004075F2E73E5EFC98211744E51C986F877
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.82.>......ID.C... @....2....-%7.Q...M...M.*{..nb....w....g.a{.b..*..<W.Vk..m.(..r......O..O..v|..[.5.I...0..V.T..8.......=........y&]...r.(......6...R ....eF..(....4.M....A..}Q{.zCo...<.r.>.....(RdT..R....bS...r.o..i..)..m..s]...-..4n..`..0.O............ .m....".c.......0. ...CJ.....S.*....J."...,...Od5G.r...q.dC.c....Lf.!....t.X.....o69.Y....Q_##"....F...F....N.Hk:H"...>.ri.E.@.C..+..2`=.@8....+T.J"k....Z..9X.&.Q...5..S.>.}.!.hw!1"..l...[..J/nF..sY..K..<J.N.3v.a..........tC.5.a.u./..0z...@.B..0..Rh..PD.......m....Q]..w........C.=....y..&..6.-.j^9.w.k..V....,...4..{.."!....b.a!.m.t zQ...V..Z..6....s..jy.,5r4..f.m.\.hC..m.c<8..q7.AL.._qf.Xx..C..cE...p.).5M.^......#...%.ui..E.s...]H1%l....PN.....lx.j..W..\....g.;A ..,.Td.;.......-2...x......F`..k.Iw.9.=T0..:Y...D.....].C.ck?.-?.jfb\.1..U.z.$ .........GiS..ZJ.A..J|.y..\..2...\MUs.d..I.~..8.^.HZ.n.__w ...E..f2...O^..."..}....%oP%...\D....;.F..t.!.vf..../Q.{x. .w..+M..~...<U.....J6.....a
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):248
                                                                                                                                                                      Entropy (8bit):7.17517366718777
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:wuti+cf/b7EvGPgoXnLYgko2WEKqFCKZRQeEClVMn:wZ7EePganioTE5ActLlVM
                                                                                                                                                                      MD5:E026F467D8E9C6E88A5BBD8771391A5C
                                                                                                                                                                      SHA1:9AFBAD6FF89ADCD3A53878C8D2081923E4D19B99
                                                                                                                                                                      SHA-256:D3D50DED0FC239C5386E1A872C9E3073BC96CC6A29A786AC13634D4AF2CA2C75
                                                                                                                                                                      SHA-512:E3E664C8EE85ABD0E5EDF554E31F7D86587746B348CAB8DB4F98F0760FBD44DB50DA2DEF023AEE2CDD77D9464554515EDB6768663DE34F249573C07CDCCF8DDA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...!qsPM4.A.T.n7*......G.D6[h^U....yg.;...,~..rw.t..n{.....YqW.x...c ..m.mzW.5......0.$.9F..dfC.C......._.]P$L...eb.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8422
                                                                                                                                                                      Entropy (8bit):7.974666818948269
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:7aKgn7HubU/P4TknGIuKd+qIVSE3oUvp/wsl0C1Yy6Su:NWPmDIndjIVSE3hh/w7N
                                                                                                                                                                      MD5:1E29F2A6ED186BE4B6C93A9D9A22BFED
                                                                                                                                                                      SHA1:FFA9D991C6A5BA62CEBF19EC28ABE0C754BCAAE9
                                                                                                                                                                      SHA-256:79DF5678F8BA4F2F29C8DD5F0CBD030E3CA130A7824D75D1880FA6B89C3F8807
                                                                                                                                                                      SHA-512:090E4FE8D941F4D6BA8F812CFF82494C667EC14B37711B0FD7D87687E5C2E3D48F09AA2B03B1F147162A9ADB3329A1507EC470D0B82838D6E4A7EA686BBB37C0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..8.T...3/@.U..b|.0~..9...[!..._.r.l!X=..N..k......o.BR.q..,].j5%.U..o4]N...fz......:...R....=.e.T......+..W..m,ol.).i.R...W`-..[$..<S.{...OE'..l.....);....J.W....,.>`M...2.......(.F.S%...>....[..eP'f.0...YD.w.....F....C.m,*1....i...........4.....H.T<.n...+Q...m.3$..H.GH.<F<a....6*7!....5..Ry...L#IE.@7.>..GcOf....:?....y...&WuH....VmL..DmqbG._+..>..`.T.HI..k...s....&Z...t...,q,85..fB,.M...>.{......O......2~Ib..p O,.?..}CMx..+.....L...~.......WZ."z.Z.(..q....*..[......R....OB.Uq)W+......-.n.D.....w.Y.}B..#..-fe.W.<.X...Dp.j|Zv...+.o.~..8..=.#..V.2.T9...2b....g5..V/..bn.~..j. ...kC........%1O...X.~....S......m....`.m..\...{M....D;V..~.y..EQ(..Vt.2n8c.......q.r.)..sC.,...42..u...R..L.f........|.Gp....-......`.....`8..s.fVg}..u.}`..+3j-z..p.M+.S...k...Hy...N....T.........o..}.g.R..y.......>d.G...M}..!..}I...t.dqg....p.KC.z1..L..r...._..D..~.j..r........`oM,....8.l..C.....:*<8=.t.i.g..V..a8..`.N^y...$.....2{.m....6.hw...[5.....X.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):270566
                                                                                                                                                                      Entropy (8bit):7.999320620769012
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:RkKczMMHSmXn1TPhLiEZ5WuJNPfohkMUwGM0W+2mx+:+zMq0e5t/QhkMZZG/+
                                                                                                                                                                      MD5:B7B5223DAEF603EB2D33A84315AC1B69
                                                                                                                                                                      SHA1:45C059F92624E83D7BDDD93D185F33BAD9B37090
                                                                                                                                                                      SHA-256:9ABCE786C72CA1AD48DDC2AF243953C25F8747A84E3378168B47A9DB876181E6
                                                                                                                                                                      SHA-512:871C1D70E091D4547028424497367D3ED40C05D6AEF11D6D2DD22C8515AF2BDFA5C0D0DB97E6B607F427E8BC1A315313F3C12DADB01EBAA2B4BCF51A9224BB8E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:Q.|....E..q...Lm..Zg:SV...,....<,.E..%.....e..]...&|...,.....3w....It.?Q.6....lF....Bh.kUS...T.D.cd..3K~.u.2.....q..pI..n..a~..^?.b......"'.,h9.d.l.....q.g.A!....m|...;.c.B...g.+A.c+.......):H.......''..[8Z..v.QU.....!..1.qWw.M2.mP.P.#%s.5...6.....%."RA_.W.O.....(....Z-.......#c$a|.N (f.V....1!..S..8Ya..!....yHH.P8..s.b..ne...66\.....,....*...y......>Y.I..=..X>..3.).o....#.(!o....>.W.C.B.^q..KjC....:....o.]..;......'....pm...:.v.%..<.P.. .....~S>l...D...e...$...qF..V...C.y.7..%e...6...p._D/.Y.SC]..y..E#..)S5....5.hV......i....a.(..&.....4v.e..{...G..Z..~.....nD....R'..).QZ.DG..D]..Z......0(~..b..T..N.......~uZ......t.Z<\..u/_R'....n....|&........nQ|..h.F:.6RC.......l...S,....ZfQ.-3..p+..p.>E.\ty.....tk.a.'...........}.b..a.L6l`.Md.,k.... ....^o..JS.d..h..j.x.S..U.v.l...7.X.%g..<......|...`.\.L.P......D.....i...%.h.-.......[$L...h._._|.p.0J....C...g.V..i,.<.x...2..]u9..~j<...X...;...$.S../..vP.2(3h.c..j...x1.@.5.p...y.R.B..e...*+.T.}K.M....5...X.Aa(6}
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8422
                                                                                                                                                                      Entropy (8bit):7.9793931042534085
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:dwmNTrXSgQd6VRx2woNRSZPedtMwxR5FBbL6bVio:jNTrigQd6VRx2RHT5FpL6co
                                                                                                                                                                      MD5:B86146381920EA3AB0D13222CCD7B5C2
                                                                                                                                                                      SHA1:4BB1979E3C79B578F2EEC1DD1224CE6AE263EE94
                                                                                                                                                                      SHA-256:DF5D57B8316B9D4801173083DB51830DE33F816043EB6D9DDBBA2CA3553BF6B7
                                                                                                                                                                      SHA-512:7810AF9CE0C98B69613CB98657F196020275E7A3A4E516AA981C5E26B705ADE82FD6B13B90237ABB10CB8597D7933118AA4759C1A5319BED57C871CAB7C069BC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.OV..........v.fM..*.`f@....&]C..#...=c=..uJ.....M.^...p..AI....\V.."#(..hu....Z9._.x78...Q...._.= ....q..*CnYYY'3.3..g./....O..4.A.4.(%B.....yI..ly.....B..g......v....t._5..<..{]Mi..a..6i.b.i......y8L?N..*.B".Y...9./.......@E.._"..p.t..;TE..`.:.h..x...I....3' K.w.:....J....._....b6DHy.i.8.WA/.MN.6:..+3Pu:.h.m2.`.L.F!@2{2n..).'.-.q@.....V'.r...uN.....&L....M.j..5G:.l........~.9.<u....^ .-.p....B.J." ...J2.E..../..5L.Q...q{nc.$B>u.J...U!..;...a....H........o..>v...@.]K..oO24.......&..F..{...>g{....n.`-...s.....S...J..B.".8.........%.'zOZ.Q.....................r..Du.Zb.2..g..@..Co.....&,.hxi-q._k.}R......,.T2C...%X..y.r....W.`6.=M$.....9.i..`..R[&..v..w.n..e....g.(.0.e.F.M.X...yD..7.^.U.l/ ...k6a.}....\.s2.s{.P.L..kqZ. .E....X...S.S....t.}A.c...i.........W(&tH.h....*!.p.....~.........~..g.0....Dz..|7......y...M6....I.3...u.#pa..L/.J....W.!+..?Q7.~P.B..?.G..6.t.Pz2.gc3g&\.....`o.....B.o].t....C9.........Vc.z..i...$....uWQ._.._.k.....B..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8422
                                                                                                                                                                      Entropy (8bit):7.977357017623241
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:EWyGKjtK7HY/xxF53GeXZFNCjm7WUgIDoDkVJJ/hzIP:fPKjLxDNZFNOma9DkVT/hzA
                                                                                                                                                                      MD5:30FD6AF25180FCBC316CEA1B5879AAB5
                                                                                                                                                                      SHA1:FA9D7442D1B370A4453276DAB768B81F59ACA712
                                                                                                                                                                      SHA-256:6AD0CF846307030EB4243741A3825A0312E8E0F55D909CB352E8320BF877AB39
                                                                                                                                                                      SHA-512:D1E1E6513421A4FE5DD93386F909A9DE5BFD1EF9A59ACA0E73ACA0589CE43B476BF5A33A8BB30872B66978D84E3E966C393DF27C12F492867623714CFF9EDE29
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.Q...`ny5.].`d..Pwh.7 X......W.n\'....Y...S....%...."^..."o.%I.N.4..7(.aM.% |Uib.+.\..z....w.~V.U<w..g.R.L..9.....ByC.<........X...09..Z..tw./F..........?.. ..].MR.....[_.!%.I..U.._..j.n.g..|..v............'.a.......B[....$x....c.,.M...-?T..nM.<....".A...8!7...R.[.4w..P;1A........O...$.'.N..5jzp...K.S...n....'.s0.....%.&.. .+....]~..,..U.,V.._.^k..m..l.N.......z.2..f^1.f..=Z.....d...y..<,......B..%.J..K"...U..A...m..E..z.N&...8..k*4...W......2...)I....MA;."...=..3.....Ud.KO...?`...r.4{M..h.N...s..... =....&...0!.%.NZ.Py..r+:'.h../.S.#.t}..M.xj.1..o"-z...7\..@Hhm^.x}..o.....a^.8..5.@.Jo...}.V..,.g.W..0F.zx..D.V.$..U...)...^..@...i..,....=.A.....*.,../.-,.nk..x.....|....J.mQ...5..p..Y.F&r `....W..J.[.6....Yn..e...[.Z}fo......~......bS....B..H..._.V..r...:.(....6.>r.%^..H6.i....b.....M............n_..H..;.?...g.F....(.,..\`..4..je...!n$....@.. 2+Va....+....4.V'.".q........,".".........G.... .i}.`.J.,.F..VI.B/.C.Q...Y.....d.... ...y....1...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):262741
                                                                                                                                                                      Entropy (8bit):7.9991924240476315
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:7Zm7RSjLv4iZdWkyG5slyjzu/RwXaEsul29oG19unA4nJCPNKj:1m18LwiZByYdaEsuel1tHKj
                                                                                                                                                                      MD5:DCC82C1FE1C53068F6F7C7875D704918
                                                                                                                                                                      SHA1:038C221AAFAFE7F07C9381F097A6B52D7C03AA09
                                                                                                                                                                      SHA-256:7B66F597F1F73C80B811B871D107AFEE397D8D12759C924A326678F392652DD2
                                                                                                                                                                      SHA-512:77B6EF0B5B84C32ED69D81F9FDB337AD32EE3116429D2F8422AB61FEB7D5EBC97E8D24EEE50008BB859A9F6E9E73D6C876AA13D842CB8FE31908A975E2C30258
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:i&@.%q.~../.d.f..(.D...I.'...9.[.W....|.....:..c.y[5.A.....D..p..bq.9.........*z.....Np.....F6&f.%"N..XP..]..W.h.*.kLP..6..l.C.T....=u....,.2wT...!...S.3j.?.S.9z@. 8.H.z....."...b..7...K<.z.i.f.B.p...H.+.......4......&...S...o=6:2.1-/....Z...A..<.m.Ttk...e.....HpB.........kz....q...raSKL..V:...W.c6.Me.[.......t1.......Ql6;/*.K.pY<q.....1]=h.s.[.]...s.....W.$8<..T^..m"...Ly._Z......j..aU.......bRA'.b.qO. )].Y.m...-\(Q%.6N..`...q.I..r.U..^ig.UR....S....r{..M..K..!2....;Ft...y.5F........j..3..X>|....@.!..9.,.$..{.Y'F. Y..*<.C.guq.....R...8....).....!f...F).1.C.9%....-b.T.A...c"..7.H.H.<@....,...uw....C..........P/.1....^._.@s.1..R......[%..sPS(d.....+.....{.RP.].....HB...$..-..O.O...p.Q.=.J`.?.m!..Y=b..>.yW}.\.=".x..K........3...f..&.....J.y........42.>.q..4.'...O.e*.....+......&...2AWx..fK)J\..iq.....M.UK..<!..f..].0.dD.$[9.Es...".....E.|G..0..H.+....m..$.....j../.!.+......%..(.x...........(1.E.`.Ixw6..>8......=...[b.|..U...Ksn0...M.3{.U.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):458
                                                                                                                                                                      Entropy (8bit):7.5349739051525635
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:b33E7CeIZlrh1WSBIK1+DQ0JxktEFSbL5ulganioTE5ActLlVM:z0ezZl1X2K170JigSv5nloSttpVM
                                                                                                                                                                      MD5:5D3F4F22358C4A00410AC6B9FDABF94C
                                                                                                                                                                      SHA1:4439F2C6EF829DF9DF17F78668A57C12B5141B92
                                                                                                                                                                      SHA-256:8DC877829F2E536A606C76904B3353C267F0A635E1CCCC2CE6FFD3E2EEBA5ACE
                                                                                                                                                                      SHA-512:F4C0AA04CB3F5145EAC16223934FABAB1295B066E4FAEBC2FE0B855BD99D677764E7EE5503267FF63BF64D83D471711C7CFEF0C6ABF9256EA99C7D25BD966222
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:@M..'..&...b.'..O...:Lhq"...g..W6......1j.4..+6.v..<|a.k.......B~...~. ....Bc'. .mEj.7g..T.c.`..CBaR.a5Yw+....=\z<..cX.u.'..d........Le..+.z........~..\.G...Nv.ygU...R|.$........V...]+7.....dj..{Y.z.l......~X7..$.T(_8.._!q.sw.U`".b(;8......5.0..1...L..../rr.DI..cR5....F...`...w......n..0..K.....q&..s.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):420
                                                                                                                                                                      Entropy (8bit):7.518758048686818
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:sxouLnIRHIvTGA+8eNkZua1caR+BcDM5UKganioTE5ActLlVM:sxzLnIRHILGA1eeZTcs+yxloSttpVM
                                                                                                                                                                      MD5:CB84A993C5BCD909E02282C9DDA1A948
                                                                                                                                                                      SHA1:FB0D0642BF6043FC5080ADE6EF81CF8B881A9546
                                                                                                                                                                      SHA-256:E700046C82C616B0976E7712FEA161FCE21EDE2474124DD19516F8C4FAA7743A
                                                                                                                                                                      SHA-512:8E98D2595F22062C70A8E84E964FFDC86A1073DF89C9E8D0DBB95A46C8FD4D2CF7F9EEF110B2BEA4308421FF862F253B6C9FE635700A21D114A9A4C4EA680B96
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..\........L.:."...>.....].tIm5.OE...R.9Y..........B.l.......+.>..F..O.!......s........pQXt..g.a.......A@........"....q.....{9fD..)J..fe..."..K..w|.....[.3.....=..Z[Y.x.g...Hm5..Yf...nK .....5~..#w.t`".0(;;.....5dNm..&.8.y...j.....{M......'...e1.v....w..8.(y8.o...7.l.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):498
                                                                                                                                                                      Entropy (8bit):7.557834579155836
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:Z0hIrxOeSW0EeoYUXjCjH2U10BJganioTE5ActLlVM:o4SgPYUXjMWSjloSttpVM
                                                                                                                                                                      MD5:A7D6CAD02DF37499FAF0EBA3223E7FCB
                                                                                                                                                                      SHA1:D0FDDCCE295E55E182067D6932D95F64D5F68F0B
                                                                                                                                                                      SHA-256:C67474C0E80B60137ED9941DCBD5DF0E692AF20B07373B76D6D38313E18D86DD
                                                                                                                                                                      SHA-512:08F960D0B9A667A1BC1791DFDEF7DBA16CB44B38894717A9C51E766C28AE66E830404549F12600917802A56A576D61A71FDAA3C6066685483DCD1F619D09846C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.O......N...h6m.,...Ae.yc.G.....I.*O.B.E.. k\...@?...H@.g q.*.......+...4.5.2..Y...y\.@X...=+U4x".4.[...8Q..9.....G.....9?...b...i.A{...{.B.7.......j.......W.(.~....o...4.......@.K.......?...y..|.......*2...U..q.......7...YL,...A@Y.v.Z}.f.h6<.=\.*..AS.....p...w&t`".0(;8......5..A-..P.Z.....n...{p...R.......{.%h.{.l.H....#I.....hL.$.E.r.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):461
                                                                                                                                                                      Entropy (8bit):7.563543183458723
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:YapuFXRjg9H5Z3kb95bY3/C77ganioTE5ActLlVM:Je9SXkjeHloSttpVM
                                                                                                                                                                      MD5:0C3FECCECAA1FB6D88522C98A55B6952
                                                                                                                                                                      SHA1:C4282A37DA027FF16A2DCA913CF55B859C2BDCAB
                                                                                                                                                                      SHA-256:4831968275A665609B64B505E243F8E092B5B0F2A8C441066D08D0EC29DD41F0
                                                                                                                                                                      SHA-512:A21673E0029BC2A155AD255097615F4B538AE18E02953D959B851A719F8E8FCA2AB7BDC4A7B3C66D6511CAC1711A0C5947034FCF3F1F816E51EEC3082CAD3B87
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:).#.......r............k.5..]..7....[.f%}.79..:N@...........G..$...L.wZk.....9.F...v...9Q.{.....[.^....V.X3..o....CTT(.y.w.=P/Tx...........m..{..|....`S.N....!..](..NET9G..."..c....-'..ieRWl....2.F.R.Y.).m...7...J@1....*'.... pK.cqh.t`p.0(;8......V..rC%.M....t.a.o.0tf.#.O[;Q.<'.p.*. .sU.@sF...p.\....h..Tn...q.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):467
                                                                                                                                                                      Entropy (8bit):7.578906952934631
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:ZvcXVXoO6fNwWDZfxm+8E8L9M7ganioTE5ActLlVM:ZvSC56WFfO/9hloSttpVM
                                                                                                                                                                      MD5:872CEDB7D9EE113AE9F782603C7DBCD6
                                                                                                                                                                      SHA1:6200CFE9002E1D79C4E5AEB987FD3B5AA4954774
                                                                                                                                                                      SHA-256:098F1FC0E87C2ECB2F2F65CCFA8F4E46A02A886588E59E80216016E7C5FD6C33
                                                                                                                                                                      SHA-512:393529A2FD9F11450E66778319BC50565CA3B121892192AD6E881FEE6D74CC90358C145EBE0A4852532AEF560D7455FB09E91EE3A10116A857964C0BB895E6C9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:d.|P"..}...Nz;r..#/L........g.|=C$N..+pJ....... R.G...J@.[....T.I.QV.....v.).1.).!.H...bx...>(..RV..a.ij...X.....r..L.#..Nz."i..A..E........U.....E.Tu....>o....A...O..X3Cy.....$.....-...u..S..%1:.mb...N..Y.-_.3[.|.o....^.~o\.......2..{pC.#qh.t`p.0(;8.......5...%..".......d.....v...h@.G.."J.:.^..M.x3..]h.z'.Qf..q.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):461
                                                                                                                                                                      Entropy (8bit):7.5631540569585685
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:McKOf8O0ui+ACEjnkVp5QhganioTE5ActLlVM:Sw8JjYVXQ2loSttpVM
                                                                                                                                                                      MD5:A4F1D48CAE11FD117E22F5D871AB834E
                                                                                                                                                                      SHA1:02CA907B7A12AA273501904F4F3D5F6A90B6C8EA
                                                                                                                                                                      SHA-256:5293B7765D6995A4B7E641FF6AE40CCE147AB07232F860484E3D8A48C34417A4
                                                                                                                                                                      SHA-512:B7ABE274497A0DE935CBFD58D018240B64D92B4E63CD00B26F8602610A955A0F9AEF0C8E8B076BB2262BB5A470D96B46627421827BC525C046598A26E247A859
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..zgB.n..s.UgI.i...!....M.P.....V.E.,..(.]...........X./.n.!.1.N.4..~..P..K...d{S....)...7{........)...u..eX.....F..?..]x.#.]'<.X..o~.gV..I....i..].&Y.0)<O..#x.d.`...X..Z./.L.O6.]b..,W..*..=:(..M$zW.R.....AS[.x.f......f>[....K$u...u.!...w&t`".0(;8......5..\j>,z...t.., .W..r._;.I..........{/i...+.... :..t2C....r..n..r.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):432
                                                                                                                                                                      Entropy (8bit):7.500366186415147
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:lThy3jRyptjzK1PdZC9c3DED78hlganioTE5ActLlVM:0QzjzmC7D1loSttpVM
                                                                                                                                                                      MD5:6815E5BA37F8DE375FDCB54C47C1C0D7
                                                                                                                                                                      SHA1:BB8D158C750174144C4D71A4673519CCD54266BB
                                                                                                                                                                      SHA-256:DA315CAEEBB6EDB8D68B62E243C6EF501C985C198259D0C7EF4E1B5339F15994
                                                                                                                                                                      SHA-512:BE8388126512AE329CD1ED997E8149B846F9DBB9D8B0EF9716F22FF453D860C98F6C7CA71CD572D90BD0B788D5F41718D927477AD2E35CB407AE68C0FE705018
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:"Ef..^... ...l^2..).1W.S...Q....}.."..3...Z.....oO.H.Uz..R....q...M0...%[".)./......+RU.?:.j......2...r.#Gs4..DW!.+w.R..s....+.b..m. v..........V&...\..u...6.2.....1.....Z}.....[...k.X...^.Be........*.p..%s..U`".b(;8......5....j.......]..v'V...`...C...NY...o..&y9.aY..D......#.G#..ZV.M.Xs.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):431
                                                                                                                                                                      Entropy (8bit):7.421586775169263
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:U6Tufy8+DtjbLe3RsRh4emnKWg3WeXX7xk2+HqivganioTE5ActLlVM:jqfy5te3EFmnKLWUkTHqi4loSttpVM
                                                                                                                                                                      MD5:415085D1B84F2F10028D00D758EDE8F1
                                                                                                                                                                      SHA1:45C29C65FC658EAB188D3DB4E7C7F179ED9CDBF5
                                                                                                                                                                      SHA-256:58F6D9802562830C32D408CFBE4C343FC422915FE3A443C9FD649581169B1BA1
                                                                                                                                                                      SHA-512:EEDE2A1C1923A940AD51110EB8BA4D2D51AA69358BA1F811C1D9E80C73498961F295E89CB2B113AAB2657BCE390C33B0268DD7C1D45E4FFEE660556E1FE096B9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.:_K~/...l......c..h...a.....".?z.JG..C.......f...N.k.....N..C....G.....d).m.8.t..orX....F$.|.....Z..9....7t ..$..Q.....u..?.e.[.....Kl.p_P.S...Yh....|.....'...u~<Z..eT.]...o.....F@b....`..K..%_...Lu.tB".0z;8......5..S..N......X.B...h.t..G5z.G.......G.|..u.K.OE.....y.K....mj.u.W.t.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):462
                                                                                                                                                                      Entropy (8bit):7.51106061751708
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:eL6RLt/wP2IwjcSgNpoC89eJcganioTE5ActLlVM:LRt/wPSZg4CCerloSttpVM
                                                                                                                                                                      MD5:25568C96683BBC01BA6BCDAF715839CA
                                                                                                                                                                      SHA1:1FDFE7B472A30E31BF7CC11BA46ADCDE7ED29E3D
                                                                                                                                                                      SHA-256:94A7235B1AEA8D141C396DB358A6ECADEB3451993D5C3D670A39A42E2AEDD678
                                                                                                                                                                      SHA-512:68C248740B23C7BA300AB97B93214056F04E15BBD94F53F753023486C9B256F9789FB803EC281F965A0D7FB3EE0F2CAFE2D20895A5B3EE52B7461245B26222BD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:^.X...w".eI.C(..nB....{..9...T....hz..c........R....S.Avkr..G...........R.6...[].TE.Y..b......{s..........S%i.f?OH.:..:.F.`1@....Tb+..i..9 .7.O\.#iw..d...:.B..Bt..m.{Wo.Yv.!...3W.}.,....E.z..y.}..6#.n....].,.>...h6:.d@.1.{..].....cqh.t`p.0(;8........i.....G.....[e...Jry.p.~..V..{7..&6.r..{.RZ....4....9.mCq.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):438
                                                                                                                                                                      Entropy (8bit):7.460944631729958
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:IfRg1qNB/YmXl/bC3SwE7EyOYFXganioTE5ActLlVM:IRHNo3jKELawloSttpVM
                                                                                                                                                                      MD5:00013EF1A6C174B49B3B42BEAF838521
                                                                                                                                                                      SHA1:838818A7219CDD72B89E21DA34AF82B0CA9323E9
                                                                                                                                                                      SHA-256:893135F1646A46AA10FB654E302E9749D29F8C3DD6FB8862C3230D501F2B7D73
                                                                                                                                                                      SHA-512:2DA484B40849B36689F8AC9D711C178321178AFB2C054DA8C211C7B7BA493DA5743F93D5E4556670C204B4D00F7DC18B99898F788EE02CAE95CFAFB59FA02128
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:6.....a..(.jB..54.e.@t?...c"e.E.>C.9....5.o..&J&......?a.P..])..3....m.L.\4....a...........r.\W.)iV.fH.j|.aC....zo._.Y..'C7(..DL_x....Z.?t....A.R.A-.......2./..P..,..1..o..2..c7.b..\.y.o....[.K.7$.<.Q..'...pkr.qh.t`p.0(;8.........UE.,.J?R..d?..........z........XZUY..........<G.....z..r$.q.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):497
                                                                                                                                                                      Entropy (8bit):7.635801376632862
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:zhpoLEdezCDo0O3zYUAJybi7bV4kOPjEQG4EMrganioTE5ActLlVM:34zx0rFh4fJ7EM0loSttpVM
                                                                                                                                                                      MD5:7A139E81C5C6C200787F31AEA1053F3F
                                                                                                                                                                      SHA1:17BB01575670B7660D33944A847890DB160375FD
                                                                                                                                                                      SHA-256:75513BF264831089A664FC6EF40B847D5D6E85CF6B766435FA48C942BC4EA54A
                                                                                                                                                                      SHA-512:923BEAB9E5580C3C9A0933399186269617EE68C02A270CCF67C658838AA0DECF4018D661EAD1A7F3EFCDEE82F43C56186C72570FC5969B16EBF67656786FC704
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:=E{C.....U..)..../..wz.S..)nn.e..+.;..[1.%.k72...!..N...u.o,.G....f.X.^.0.....T...k%.&R.n..nk..'.X.7.Ar..-.N..o]m%$.^......vI3..q..X..]n~]Hf.2......q.`........%+H5*o......*.c.....s.*.#Z....B..l...OZ..p..1...D4_:=9...d..F @9h...~\T_.ap.....1\.y.<...n6=}m[.....T.^...p..`.u.U`".b(;8......5...f.l..4Yu.......V.e..8.E..?$..O.@_ ..M.....@..pc7....Y...V.|s.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):463
                                                                                                                                                                      Entropy (8bit):7.500325040108387
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:TWMrabOsbHU6WPJ6NFx0FitjGZmganioTE5ActLlVM:TWMQb06WOFxH6XloSttpVM
                                                                                                                                                                      MD5:04FF91BD34384910BC24948AA9D41477
                                                                                                                                                                      SHA1:A06E53792680BC9505C044E57B7C83CC1D8894B9
                                                                                                                                                                      SHA-256:AE17AF2C9AF315F4EB36F7CA8DBB2AC236815DD8AED1AEF11E4FD29A63509D1C
                                                                                                                                                                      SHA-512:B017D07ABE84C0B7EEA14CDAFA6D58077B8D5020B0AC5D1FEA6A5BA86499EB0C67DC93B39365E7B2AA651916FD0F2FEE1AFE8A15CF26227E7A9A04D2A9E158AB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:&ZX.sv}..f.j.........$..z.....D|....4.......'..n%b"0).:.p..t_.R..y..@..K.....h-.Ra..'.....j@..>.'.U`0.z....0...3.@0..c...b..e.R...+.Z.^.Z..Uj......6...&..7Jk...6...@m.@/,.S......H.f.0.d.k..S.L?.-~=7..._.).=.X.....@U6..$.......')!.{sw&t`".0(;8......5x0hEb..F%.SG<..e....3.r.....rrP....V...[Q7...u.yG......S!..c.pr.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):455
                                                                                                                                                                      Entropy (8bit):7.551476693558565
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:08cA5FpYTj+HBsdZ3gw9iknaE/vgYganioTE5ActLlVM:08p5TYTjJlgw9XacoloSttpVM
                                                                                                                                                                      MD5:C27C3FDC303DDEF3D79B0AB14C6EDD57
                                                                                                                                                                      SHA1:7FA90459168AF1A4353FD71B148E85753DF159FA
                                                                                                                                                                      SHA-256:FD5A8D32695379C54B1D6365E4C8DF8AC9A40BBCD6A0CA4BDBBCE90C417753FD
                                                                                                                                                                      SHA-512:471E9F048EEE28EEA9E6400BF60AA5B472090B8E295A35C427583ED77057DEF2CC92C6BC6011D5CEBEA1EB343B1E1AD7102FB8028FCB332C047616761E465F37
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:U.a....|...N.aTX..;...B3%.R..A.`...\.!c.1G5.E....F.....5s.(R...N........F...U.C.{|\......A<.............Lg..M....F..T{.|...`.$..x......3T.)/....tw'..-i(b........b<....'..v......=.(..l..3{...:..^.~.m.......F.7.....$.]...J...du.U`".b(;8......5....,7..h.d.o5..O...O.bm....siGl.-..>.3....1{...].....7.">..Q.:Ls.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):461
                                                                                                                                                                      Entropy (8bit):7.5607862549407265
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:McWPtACz6atzOExW6//QE3Gp+ganioTE5ActLlVM:OPtrmatzOExr//tWlloSttpVM
                                                                                                                                                                      MD5:39BC585E92428E093195A1F8C7EBB434
                                                                                                                                                                      SHA1:0CAA84F2FBE54D2C6E319B51D538771CECCE0D39
                                                                                                                                                                      SHA-256:82A0E846393F7C8413E218D1F20E706BD6FE04C9E778E9CC148E3D7BA1456478
                                                                                                                                                                      SHA-512:FA06DCE0069363ACB7F0912FB3BB671DC44D349FFB7417812952BCEC8A4085D7C3BA94772BEB5B278DC641D0DF7FED90101447007D925CE577D5CBCEDB51BE7C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..4`..nm.>.:.s...e..Z...hqA=. "../.....r....y.qcG......j.Tl......RIS.w..G.@.^.....E.<..2...+sq&.......Cm0p.....bko....j..`K.+$7.dA.^.....@YbA.^.....J`d[b.7..ua...q.H+..g.`..Q..-.....I.-...3......j.NnYFx....^.~.9.....1l.iP."..Nc.#..f....ow.t2".0(;;.....v.rD.a q.....9....%...5..W.@..S..[...!......"......fl....?^p.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):478
                                                                                                                                                                      Entropy (8bit):7.582473420196665
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:pbCj567Aj10tVKsraTx9AOSEn+oL1hAImganioTE5ActLlVM:IGY1IO/+mh7loSttpVM
                                                                                                                                                                      MD5:6FAC32E26CDB37E56FFEC234FCEF6AD4
                                                                                                                                                                      SHA1:5876B2C19D7CB747ECFA68883D1E85CC52338C76
                                                                                                                                                                      SHA-256:32FB2400CB576DC3082B441006138EED6E917BE13EA1D356E1F1EEB8802B3983
                                                                                                                                                                      SHA-512:BFEA12FEE755340AEF0EE61330DC61503815724FE90841E5AA9669B955C8F466432CE98FD0DCAE5C5042545EB93ED3246E388745F301827C54487CA40AD9DE50
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.w`.....h..._.t..%.{..F<.J4HN...........................#.p.Q.....vR.Yv...)..?...o.6.f.x)$...N[}t....%.;.B..N..O.f.}.?.. ...3V..L=...F...x..D<.J.k...G..`.b..\..*...R.?m........%?0.Mf.Z@......aco.MPj...u_(....A.7...'..T^.}.;.......fjLQ......<..I(N...w&t`".0(;8......5.).$.XgZ..A..|.U.h...h.y.?>.{.%...n..Y...Vh2.h....UO.nA...`.jr.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):465
                                                                                                                                                                      Entropy (8bit):7.547027357655186
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:XWRqUxPmB4XHp/gxq3fmOFbXrganioTE5ActLlVM:/UrXHpT3ZX0loSttpVM
                                                                                                                                                                      MD5:9B90E3A5CDF90D8120579F6678DCA30F
                                                                                                                                                                      SHA1:B2DBF9E623A7239A63AC2255BF753E9CCCC2C043
                                                                                                                                                                      SHA-256:3FB47070BDFD0DE0F62F6A65A50A29C663D15CA5F5A5402B098401A7D71C6251
                                                                                                                                                                      SHA-512:7867A98242EAE3FA5F9A4CEAD9113E99AE4899222B5AC4830D5DAEF748335C4CF96C8EAB8369E45B150071F68CD848BF8DAA567289CEEA6011665F9C99D95D8F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..Vh.....6,..x.L..:.X..(.+.1..+D...h.....l5....S.K..h......Q.9.......6.D#.......w...bP.....ai........%~.....5....\.+...$....._'{...+.C.......{".Z..o.g.t...)... ..KT.5.6K.../W.....$..m..}...p.I...#.Mn;.Sn.e....S.s^.w.=...96:}mX..~.N./...fp..{sw&t`".0(;8......5:....1...0.......@6...Dh.@.2....&.h......3.Q......`.v...o.!.r.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):457
                                                                                                                                                                      Entropy (8bit):7.520128284148151
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:MI7IGREj4x5D+/UDJEuXz1VBWUa/g98NuXganioTE5ActLlVM:gGREj4z2yd1VNC3loSttpVM
                                                                                                                                                                      MD5:32F9D5F92874EE9879B625FB1F67C360
                                                                                                                                                                      SHA1:0A04756B481A13410C1E7A2EF908F17C2992D88D
                                                                                                                                                                      SHA-256:AC51CD354457C34F3A38FCB9E748390E402EEC1D87ADF55A160B57286A59AC73
                                                                                                                                                                      SHA-512:D4A018E4F880A0967F1A88CB6D9F2ADF55E7A9FC3B14F5475DF197C42CF8FBAA4AE867ABB5608865F0475A3D98FE7EADCABD763ED77FD77A6762B8435CD1D408
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.!.{)3..p'...)..n..L.K.v.....z..C.g.Rp.$&. (2..A..i.g..aSa.Y...........P.vc1.fL..W .....!K4....E....{..x".".L..j..b..3tI..%_5~.a.y.D.?.i....A..4.>..w.7...&..9\.Xn..@.K82.A.m.w.....'..s......'L...z.3.....BH.M..Q.y.=.X.....KHb....[.....I.s..qh.t`p.0(;8......8..6.|......S?*.....P...:..(S....QL.o..w....)......CP..zr.q.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):466
                                                                                                                                                                      Entropy (8bit):7.5685493508100805
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:DyNkI3R3jlQkuWoouMsrDpwvmw6RxganioTE5ActLlVM:u3JsWVuMWVwOw6RmloSttpVM
                                                                                                                                                                      MD5:A8675DA8E5C4900F9C0B322A606349BB
                                                                                                                                                                      SHA1:F918D54388403207A04F7D79BFBE609B47022722
                                                                                                                                                                      SHA-256:12372D98A408997E285E30BE325F0E6C210D50C35D3D389CB1E7A339804A53AA
                                                                                                                                                                      SHA-512:9547F18F45059936E5A6074CE34E84F987A6F085F646682B2A8BCE3F7779BBA7C621A4241463126607C61890EF8749C2453154FBC84194BC0EF5601BC8217013
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...[)8R!F...B......d^.JSt.Dd........p..V.R.,...z<;.ao>....}D..,}.+..P.n}.ch......mf....T.&glZ.=.>..m..~.vA.r.2.k....{@...LmV..]..\...c.l.....~...W_..(.x..\.2.u.<.v../."...a.FP7.1...n....O...y.yTi.i .Jk._5[/..),Q.,.n....)..dP...tW.V...~..qwTt`".0+;8....cl.....g.%..:P.T..U.G.L.1'.ed.b.*..i.....+."..@LS.9W.+^.. C.on.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):481
                                                                                                                                                                      Entropy (8bit):7.543588160908068
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:bYcs1ln5wqwZxXAMftcXganioTE5ActLlVM:EclqwfXAMftcwloSttpVM
                                                                                                                                                                      MD5:68492E0CE137FE74C371350134B709E4
                                                                                                                                                                      SHA1:7B31AD48E295C9870C261D9E861E29D5090A1E2D
                                                                                                                                                                      SHA-256:969E1F193234C09B35CF8725FFA104A018C21E86D2CF307AD5C2C008B66ECBA7
                                                                                                                                                                      SHA-512:C379031B323780665B3B39A42E0E26BA1E22CEC194975B43C1D0E3D051418D165723609E8E8D83A6F0E05891674357DE1E2946B242A0E898B5D33145D74F8F50
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:p..\...y...D.....)..0qT...R.V.N.0.......[.$1.I.s..2..9.?C.:...`....n..7.....]2f..].W..Pl`...S:.'k...~...&.ye.n<....{\......-...@./F...e.&.wS.e.-=...5}^:z(.P..N..Oc....=.4"n...d...9.%ryT.!.~7}.9-.X...9..^..&.?.M.s=....Fn..q...Q.,..M......AG4...PPj...&.!r.qh.t`p.0(;8...........O.y..%$.9......|I.#b.....{...Kf..t.~Q.....>.0C#.P....q.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):438
                                                                                                                                                                      Entropy (8bit):7.485308101004457
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:AwWb9y1n1vbphoiDTDeR1UtBsAfVg2obganioTE5ActLlVM:6b9y1n1vbHpTDeR12aQVZ7loSttpVM
                                                                                                                                                                      MD5:0C769543906869471D1A3D11BC259A93
                                                                                                                                                                      SHA1:A1CC69420170219D4085DCFF1F43C0F9780B8FC9
                                                                                                                                                                      SHA-256:A9160D2D4E91A24BDF489A04CEFCBBE4E5E8BC4BE940AA7E8A59630964C809B8
                                                                                                                                                                      SHA-512:0F291B128BAA8BBBBD0E166138BAD02FF06FAABDA5A1D85A8E0D43A8AE49DF9C3ACCED4F55A26AE868F650AA3A7909A167773AF2328C701B1689D1C3EE05CEDA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..TK?...?.3..........-.~%.....x..O.,...w.=..b.}...H.8.....Yc5a..?...c^T.&.o..W`.H..h..T^..i."s...x..&...Q...j....q|.*..0J@.B..x....z.....<.o%.cu.u.V.....F....L.=....P..K....&....K..&eQ.*.k....).J.1..$..Wr6.. .!...w&t`".0(;8......5.g[...NT.:..........M.>....0.G.-/;..b....G.:8R+./.xU.C;.-3.x.r.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):460
                                                                                                                                                                      Entropy (8bit):7.5769784163938505
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:HEq/JzQpPiHjs5K7/D2Pq3MqEUG2GgganioTE5ActLlVM:HtWpPn5K7/6PHqhqlloSttpVM
                                                                                                                                                                      MD5:92AF8429A7E18350127DEFCCF8E97AEE
                                                                                                                                                                      SHA1:2843912E3D2E35714737013CFCBE9A92DAF53EA2
                                                                                                                                                                      SHA-256:678D5FB2D6D5B21110EB822EE44C69D14B3DB7DEA02581591950754E32464DD9
                                                                                                                                                                      SHA-512:B48D933C5EE75FD42CFC3B9BF1EBEA53B9912E1D68C99C404706AE01524BBA93DA3DD8D1EC520BEB59C03048C33DAEE2BC29AE6E199FBBAE3210918959A40032
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:B_.......}...}.UN...^.&...~V).^3N.E....-.....p....v0.@..h4....[f..`.$m..d<6...*.lG.j..O~..[;....z.)...a..i#..N..T[q..-....m.N..R...qE.....lcF!%.*.A:X...*.i.:h.c..2.+B._.NBN......K.-]k..F.+fT.....jP..P.~.<...:69.>P....J..]....s...u.U`".b(;8......5....`5=..P...ai...,.n...@x........'nQ.&.......a.C....t[n..2...s.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):463
                                                                                                                                                                      Entropy (8bit):7.604387263580063
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:zxhTlHXhV1cGa1M6qM0RINENvchganioTE5ActLlVM:FNFhV1vZM00b2loSttpVM
                                                                                                                                                                      MD5:13B94C9A4BFF1CA1686E44BC9F02DD95
                                                                                                                                                                      SHA1:BFCF5D114492B42E5274DB81A5639D1E9C115053
                                                                                                                                                                      SHA-256:A435563CA26F3F4B2CE856C5A45EF9B1E32E38C4C8B2F287112A7D9E0DDB0739
                                                                                                                                                                      SHA-512:3B6E4A9BADBC7997C54566F56B7D3F0216188B90320AA7789BB749357BB2A7A8303BED1F0AA0BB5A85AE8947BCE76B71E8058716C32AC3BE3FF8AC71D31A493A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:D2......{.K .l..^.K.J..y......T..6.g...AA33.".'.....[..La............t.;8.kE.._z.0?~..o...>..S......=...7..=.......I.Ny.^........O1.<{......T...b.$...,n..z0....o..<....vX./E..A.N9...8.^>.T.|..C.[Y..e.QkP.}.h.......Dc...XP(Y..#.!...u.U`".b(;8......5..4.....#F!..C.%.5......ss..i.&.W.0|Mz.9I;m......".Z.....\.Ms.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):475
                                                                                                                                                                      Entropy (8bit):7.5257561793786
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:/9AOLWvE67ggIj03QQ0DK99TFRcQXhhlganioTE5ActLlVM:/2O6v7X3QxD49Th36loSttpVM
                                                                                                                                                                      MD5:305BCEB99DEFFD8A022DC85EA4110F5E
                                                                                                                                                                      SHA1:275570C31A62BCD239AAD0F0E64CF99D8E2153CD
                                                                                                                                                                      SHA-256:670B02F534DBF19407DE445F4964C2DAE23B0C166DEA92394E4F1452F6B9B623
                                                                                                                                                                      SHA-512:4AFAD68860D5177823887240D74D9AE26B0F1513AC5D034470CF3D0E79372AA2BC91400A03193A9703EE6DE28AAC8F4FF1272E6703DA420A3F72AEE40B8FE4B8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:kH_..*T.^M.^..l.A.J.....7..e..O.[...-.D...YF.E.$...j..Pn......s$o.. ..%.-..F.&^.....`.].w.H.X..m$..@.....n.Q..VH..^.....8.&.I..^...o..)8@9....F?....Yh.t0F.M#K.. ....IGz<.[.s...~.Z.3..a..r./.<K...V.........D.~{...9.<.0{.P.}.<....^...L...MS....fp..{sw&t`".0(;8......5......K.,.c6..cx!.${n...;.............)<_j..4...w.1...MCg1.r.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):464
                                                                                                                                                                      Entropy (8bit):7.56911428736778
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:mPvj0n+LitDH3lqREjw14gcganioTE5ActLlVM:cM+utzlEEjw1JRloSttpVM
                                                                                                                                                                      MD5:1B865326DAE8C1D011148DFDEBF1B5D8
                                                                                                                                                                      SHA1:0B5E0C6741B312106BF9BA21BF8821AE042641E5
                                                                                                                                                                      SHA-256:8A6F7E4FD1BF07A7896FC75FDD45D7CF8D11B1FA7112FB263CD2EEC703EF1D72
                                                                                                                                                                      SHA-512:3511B0ACEE84D0BAB6EEC15A81D4A2AE1568383432BC82A00A06DE2EDBD7B320AEBD4AF10B0326F7A2A822C1147980AC378148C5BAA575EC9E2731E42C22983F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..........9.....B.....D.....9T....x.v.<.......mL._.._.........X.?...g..5.d..."..=f..~.["...b..6,.o.n.H.?Q?6.8...<:e...1.8.$..s....NS}.0..........\P.....O..\7.K...Z....%.m.".Z....$.-...X./..[.n.......NeP.{.i...H95jvn..x.p.t.!..I3N..qh.t`p.0(;8......8..S3..$\....a.....@.....I1T.._..I...........3Mz...].KT.>o.E}.q.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):460
                                                                                                                                                                      Entropy (8bit):7.509300202134324
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:2dRI+rI0BFRLpspNf3CoVUzQpan/nxganioTE5ActLlVM:6CuBFRcNBuzuan/nmloSttpVM
                                                                                                                                                                      MD5:39384DD2234F60495CB8042A62A2B73B
                                                                                                                                                                      SHA1:21696BBFDF54C89A68FCF73B281D58D58A120C34
                                                                                                                                                                      SHA-256:432B1A4C422CF1F1AC1D0EEC3CE93EEADBBF1DFE799C980DBA87DA99FBC5462E
                                                                                                                                                                      SHA-512:C94D29FB4230A6BD44E0CE3FA1AFD60A73604D2D8D9633286911C5C2159B7F732A4753DBE2A0080E972781EAA71B7D594947BAA9CF0353948FD65E9629E0CB07
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:`...dX...x..N..`....B.=y.a...5..V.%.}...v;...d]...-.J'....s..D3.-...t.k.....S....._.FY.........v..3...<..K.m..;..F....S.....\i8.(4"+.l.}.K.. ..8B..bo....(......<.@...z.5.a.....w.,F.+.:0.............b.P.w.l....Y.b8X]..@&...I.N,..w&t`".0(;8......5.....W.^I.......O...B..5q.ax..h....Tl^..L.....J....w..fA...z.r.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):440
                                                                                                                                                                      Entropy (8bit):7.5489876624821175
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:9Q261aB+uwGS+9HrsfPDF3lnSnlganioTE5ActLlVM:9Q20aAPGHrsnDF3A6loSttpVM
                                                                                                                                                                      MD5:49904CAA64EAE67C14001EFC27786E55
                                                                                                                                                                      SHA1:D2854DF14DB5327C5050739D406AF7C48D438D2D
                                                                                                                                                                      SHA-256:17D9A03472F504744AF92852C98112050A407B108858FE5A17FAE66D29D48952
                                                                                                                                                                      SHA-512:0F838FB42F3EF058D8326018AD20DF40E7D2DB0C4F082ADCAD76ECB5F8BE0AEF2C333C7B05B90169F20E257B01258501960B5FF3F2CB9AE2EA640CE61068451C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:60.-u.K....'V.T\J{d.D...9.qh.i.ok..?.u\7?.....rC.!8..........y.........)......!6...V;.-...~_m.W+<.3.....CN.).Q.........N..B.}7.'4.+...R.G.I.....SX...1.7..[M.M......U....P+.....x.....-..M......C@3...h.Z... .!...w&t`".0(;8......5..&qv.\vG...K...|.!aG*.6.{.JC.....rF.t-...zB.>.(.u&....h...L..Fr.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):469
                                                                                                                                                                      Entropy (8bit):7.572167321668826
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:zUBVX8CUIOLzLCvr+W5fZCSSUWvDrrganioTE5ActLlVM:zAx9UIInCj+W58SvWsloSttpVM
                                                                                                                                                                      MD5:03B609DF65DCB0C4EF99792A2C2DECFF
                                                                                                                                                                      SHA1:AD9A436BAA494BBA8C0CAD93171CD1C91A081139
                                                                                                                                                                      SHA-256:E6E81D7D0C4F879634830153154F6524402E423E226907F85840C140208D4CB2
                                                                                                                                                                      SHA-512:8A4FFD01CF995D62FB390E329313A4ED41AFB5E54C05D9CD8089A58C61DF0A132597658F81BC082A616084134B51F365542ABFA90131E49E77BDD5CFA156DE8C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:I.E.qu..IO...........z3..r%L.s;'}.....b.........2.g~/....\......\..=G1+l.....{.2.M..P.j..I.I...:.w.d.}.......O..8/.G.I.09...I`..U8-.Z.q+.}.+.X.....s..h......B...Cu.....P...K~.s^.l...W..Zkc....K..>..`....O!..y.;...o!.G.m..$..T(X).2... A...`..0(i8......6.....>.4...b.5%.ann.U).Z..Dn...w......Ub~.f....+v[IfH..5_....U.H.Wu.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):464
                                                                                                                                                                      Entropy (8bit):7.515382539833133
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:/RD75D4mhaWIe/PEvRWiY6KEVTqKi78ddorganioTE5ActLlVM:JD7Om0Wl4RX5K2q8dvloSttpVM
                                                                                                                                                                      MD5:40AEEDC1700DA6E65D935C1EDDE871AF
                                                                                                                                                                      SHA1:46C3BBFE0F8D0A063F5F3D645F7D02AACD0DEA78
                                                                                                                                                                      SHA-256:C4C80CC3D8670034194870C4E9DA61D49BA144BC0A43FB43A9712F1A5ED41742
                                                                                                                                                                      SHA-512:0E2A4F8E699B1326937FB43904CFE97C8B7F87D733976BEB04D04E20A4DDC3750432D8BE5C25AF3F063FA7642EFA47882C33DB8F0860981C79F7B90AB599CE01
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:a...D.N......%+./..0.4...\|...(..I~.;..g..[..O..re...s.y83gB.f..4>....Srw......,.....[..w..r.g.5..T;P.EfT.8A./.y.<1..Z.QOZ....m..H.L.m..P..<S..6.?..b$m...%.R....I4...&[.E.rI.....Z%l..*..3g.W.~b$^.Hf...|Z(5&.Q...m>Y....\...c..~.N .'..".!...u.U`".b(;8......5.t........9...w.,k..0.=O.......c..0...[r4O.u..;Cd.)..A.h...Js.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:MPEG-4 LOAS, 4 or more streams
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):460
                                                                                                                                                                      Entropy (8bit):7.548647735764994
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:JAckh3B0chN4dtrH4zRezn3arFovrI3J8xganioTE5ActLlVM:JAckh3BTCdBYtd6rqrloSttpVM
                                                                                                                                                                      MD5:63ECDA1C232093733F100F905040410F
                                                                                                                                                                      SHA1:1372DD98D2A5D92B1CA41B13A6053858C0502226
                                                                                                                                                                      SHA-256:1A5BE1D9A92668AFA2B975202DF2E034E72DAD47883598DAC350D5928E9BCFF1
                                                                                                                                                                      SHA-512:B8744DBF28F52A7DC7839D441E1C63D8DD7BEC423568158F69AE0594677511095671262846C9D6C19050FBEF17F8F77C6B23F72C7D0F8603127E4C237686E37C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:V.........\.2.1[."..J..."N.~ %..d.|..3.3....X.Ay=.....N.G..D..t.F..}..[T.k.W#uz...4.l....e.u..:#X....b.d.....zF..L.v.-(u.f.A.8......[......j.`..{.1.g..*q...Ka..8.....w7..{...=.....`...w.J0.../.p ....;...).g.....1<}8X..|.O..h.....cqh.t`p.0(;8..........xA.<O.\..wMa.?....*........f....[.....u.....<.W`.e...q.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):457
                                                                                                                                                                      Entropy (8bit):7.55064980909798
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:ZCGDict+fwcR/7E6NQ5e/MgQKganioTE5ActLlVM:ZJGct+4c57E8Eey7loSttpVM
                                                                                                                                                                      MD5:E4455306C4A70E4C5A59C40E913AA964
                                                                                                                                                                      SHA1:FB3C6128DA7E72351B5B48C5DAE8D0666D2DA1F1
                                                                                                                                                                      SHA-256:8B1F168708909495EEA0F8E9F02D57511B2A77EE414D6CFBD38D6B73A6C17624
                                                                                                                                                                      SHA-512:A09CF2134E04EF75E4CADC06A40A5971607C95090054ECAF114B7FC35AD0B65108A7B3DA66C892DB1D7C3B34585C192E4CEC8EFCDC361D763BD8BCBFDC677D21
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..SM...@. .>+..D_.K~-.......R....t.|Lk&i.Z`........F....Q..8.iS...$pd.H..7.y...\....-.j../.<...[..........xwx.x*...i.A..s+`..6....-.....G.o....{(1##a5..r....4.\.;..f..W/.3u.%..ju.ykV...U.6].DEP...*.......).l...>4?vn.]..N......|..qw.&`".0(88.....o.v.%.....Q...u......x.i..J....P....R.c....@....*.#..R...wo.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):460
                                                                                                                                                                      Entropy (8bit):7.568886961991314
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:B3WUlgn0P/GXzF7h8Fj5R1wtX7ganioTE5ActLlVM:UUlg5D25RykloSttpVM
                                                                                                                                                                      MD5:611766031CC5E867C6C3718BE8DB3FC5
                                                                                                                                                                      SHA1:7884889B614098A80B00993FB9F090B4BDE725D3
                                                                                                                                                                      SHA-256:DD956B2163546C917FC81BC378C22D9B90EA6A355D3F9595767E8865584DB58E
                                                                                                                                                                      SHA-512:8F78DD62D55C11D54539E3A7845A66335DCE46E5B484DCF5334B6F5917DB7DC43FA3937EF68C31A662F89C2AE2B497F7E1D8F21B84C6052DEE6BEC14712E065F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.0U.@^\";t.!.g'.d.9...<.....Z.....o...eo.c.:0....wU]...1el.E..x..l.#...v^.O"\.6...e.F3f...5../.n...a....t.....f..5Q.pQ....nV.N.`...a....sK.......)n.........'>.....`|.T........Jb..p.....K..H..E}.$\..p..z..M.4..<iBMa......jd...-...qw.&`".0(88....)W.......;.m.(.o..E.oy2C...f.....h".Iw0.........w.v...L[.r.|.o.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:DOS executable (COM)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):455
                                                                                                                                                                      Entropy (8bit):7.491470168484264
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:RX/9h0Q62DMHtuir+XRNaTwyHB4JQganioTE5ActLlVM:tFCk+tuiqqwsQloSttpVM
                                                                                                                                                                      MD5:DD92001ACAC7566E542DEFD2BDE06012
                                                                                                                                                                      SHA1:CFEEFEEE2074258862EBBB59F2E2F0386DA8E68D
                                                                                                                                                                      SHA-256:449012BABB01C95195E67CD4AFD4B6B48AD154AF5FF67778C373C9D594795E6D
                                                                                                                                                                      SHA-512:BC1E120C8E95F26B8DF7F0D08EF121E16CB2C6DCFED963C5776F4E306C611429DE9BB73079DC929DA7DA6CA9CDFB71475879E4909231E9F450B53D1BAD67DC6C
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.%`...yy.K...?.s...Z....r.z.....`p.jzR........U.!`.i..h.../98...._.65DB5.!^5..x..m.+*.O....{..&K.f..*..c.r.8R.............vK...........N.`..6@....Q..x...\.IsP...o.]..A.h...<,a....;Y.....(.9.c.v......<.X...\7.nm...bJ..d.../e..q%.t`".3(;8..M...j...K./$./..l......j?.E..@....|...e.._y..B...O_......m.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):476
                                                                                                                                                                      Entropy (8bit):7.62735672372907
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:ZkFDjaQXrTUealcnyiRXganioTE5ActLlVM:ZkF/rAeal4wloSttpVM
                                                                                                                                                                      MD5:A5EB89ED603377294B8A7959A8545986
                                                                                                                                                                      SHA1:2D258EE9303AEFADAD397420799004DF63A00648
                                                                                                                                                                      SHA-256:830C7EA2BBC04A5E6EEFF8034CA722B6E922F73240FAE9987969B57D2DD1DEDF
                                                                                                                                                                      SHA-512:5718F7FC4BE127709935EAC7797B0679A7A5AFFB0588290F87DBF102AAA16F6C9C3352DEC688D187E549248322AE7350F765367A1B4946C9C3C2247544906F9A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..K....C..q.z....e.}....n..5+.V.Y..'....?....#..>Qa....^....W..RM..4..P.</..O....=.z|..d....X..*(..Cc_m^...,..6^.*.C..`.......ix.;C..+..*9...s....G7.D..0x..%.;.m..vD>~........i.......R.`.....G..-Vm.Q..[.38r.l..s.U.J.j..v.k......E.7$......_.o..v..Al.t`..0(i8......6...>.......\.....1.4...v...(..u_...3.p.}gt.&@Y......V).m1+.$.Z.u.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):463
                                                                                                                                                                      Entropy (8bit):7.563217946110039
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:B17evTN5XSrFFKaMbbS8yp+kGqf+7mqEMc+XALKOQganioTE5ActLlVM:BcvTNIVMb2JMaqzcPh1loSttpVM
                                                                                                                                                                      MD5:C59A2C4A894E20BC2D2E5219FC4CC0D1
                                                                                                                                                                      SHA1:1ACFA15435E3272344E8DC280ECE6C77E2BE24F4
                                                                                                                                                                      SHA-256:AF336CE46ADD0169F233D6BB209999B161E66BA3B2A4326E8602CF51EAC60E08
                                                                                                                                                                      SHA-512:99F73AF9370A3DB76786877213CD9237BD6573F388BCF40F07D41125D69E544623B0CE7560AF53BCA8F537415680E71E61EDBB59089A4E91BBE2290E282D91EB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:`b.z.J..%.a....@.....V \.....X..nc....H.|.....[z.dq%&.SC...?)...9.]x^...I.....-.4cg...WZ......O%k.G;i.n./....-v(.y......t.<..}k..Qs...3<h..(m.....]@...'...[...m,.I..B.Q'......q/..zz...c...S..FA.v.6.,.Z.N....v.h.....5j}8Y..=t.......s...u.U`".b(;8......5.G).`/.g_...d.:b......<.3\.K7.E...M.8rF.2&$..j.k.G.w....5. y.s.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):456
                                                                                                                                                                      Entropy (8bit):7.507448294121333
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:ZdXy+N3lQ6noGO1y93GO0DmXmXDN6nQganioTE5ActLlVM:ZdXy+plq/8NWX01loSttpVM
                                                                                                                                                                      MD5:B0A55022C245F9581C90473A2CCBD732
                                                                                                                                                                      SHA1:CEF6CBA349E9623125828FF4D3C6BDB91C292230
                                                                                                                                                                      SHA-256:48AADDE08597B798CE21C13972E6ECF4A2B4336B48CB2CACD0388D05E2545864
                                                                                                                                                                      SHA-512:D8EBD52F29F0BEA65144BC661430EF85EA952149E9C91DEC4F64D967656DF83763E80D7FB24ABD3435B27AC40ED3219D97A75AFC77FF3F22F2746FDCA83D6DAF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...P..Z..m.t..1..c>.k;...3.W.l..Z/aVo.=...m _.h....R..*.-#!...t"...+p...;.p..@z.#$....gv..$.....h.pC.8..c....b.z.....\.... ..o..Eg.A..?Z..E<.\0r.b...a.K.[......~X...j......i.".p..<..:.....fD.\._........+.n.......fdX..y..,.6..7pb..sw&t`".0(;8......5md..(.^......:..[|7...v.C...P.h..O..lBp..(...1...>#G.1...D;r.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):480
                                                                                                                                                                      Entropy (8bit):7.619527497836807
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:QpAlBj7g5IFKn/TOmFws8IeR0Y54KTan09ganioTE5ActLlVM:WAl52IFeaY80YLa0CloSttpVM
                                                                                                                                                                      MD5:78DD9FB4D961521F2B8DB22BDAF7FB13
                                                                                                                                                                      SHA1:BF7F3289FC51052E54E2519C3C36459AB4B3FFCB
                                                                                                                                                                      SHA-256:49A9EB1E3A82C1359A9B29639A5BFC3CCB728C3DB0FA9523B21D561071DDE322
                                                                                                                                                                      SHA-512:200A178FAE4D1765D9F4A2EE79804304DF16A329B62297C76C9AFD5DBDDF41BB1DD4A3FCD30B3BBA79B4C98C46B90E9481D1A191F2272F56AB6CAB083AE07000
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{........7.p.;....:XJ.n=.....%..j.P....o..IW+mfL.e...P*......\o$jI.&......H.C.Y..~V.........N....,..f"...XpJ..n.h=....&9.R..j.Z.>j@1..^......p......VGc......"...s........"...Kd..w.+.....%.:.AV.E.7..}AG.C .......?!.S..*.=..6.;6kl.D..K..=..fp..{sw&t`".0(;8......5....u]...Qg.+j..G.....#...f..CbxfT7;<....(....H............Q=-&r.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1155
                                                                                                                                                                      Entropy (8bit):7.818548247123585
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:l3ix8jGQ0xsERHxwrrmoqviob5KtniiKEISZ/Gly/apW1B7l/mzhfwwloSttpVM:l3ietEAQvb5wrKEJ/Wy/aC9pYhIMtre
                                                                                                                                                                      MD5:1EEE67E779AD35611DAB1C5E5B4659DB
                                                                                                                                                                      SHA1:C99FD1DA2BDA9F4DC280715525A736BD6AA14794
                                                                                                                                                                      SHA-256:6DCDCCE7220D9E5746FADC70780E3D43F05B730FFCD6C55FAAAA6561A9DC1352
                                                                                                                                                                      SHA-512:6E9114C46C8924450375A4BFD1A46BE809C2F610A471947CDC5063120A15D5E35651AC17D273C277EC9D773397D9BED1544678A8085BB2775130DF008958BAA7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.8w,;..A.$v.Q....]..D........`..F...........S_.....R..Q<-9......._.{1......V.+H.WpQ$V...R}...I)0.H.;R.....(...l.3..K.Q./.....3..4...O.t.6..7<..]..!.7.v.1.....zM.VcA..f...~.KU...|t.....F.{...A....0#LOoa..7..@..UqI./..P."..(/S;R..*....W..O.....$t.@.......%.v7E\.{.[.F...y^.c...iH"r2.......{3...[...=]..,._...&YU4..{.&.P4.......<.......SB....;q.3".b..*...B%...M...$(8....jt.U.c.=B[.i.!...!..b.Qp.......+...G'.8"G.a.\.<....p.R?.YS.g.;...'.".../.>`{...$_....g.v..seeo2....8..b..3J...A..=.:gT.*....z..'z.yO...2.....rT$.....-.qU._...N...W....aEZ.w|.v......~L.p@h....`91.CU&...k.....?j...^.c..B...Z.yR~.&G.3.P.T..{...(g-......$.]..$"...x.=~.{._...l.b..Ta.x#w.#.Em......yOY9.ZW.K.....w`!....~.......>.RGvZ.....3.zb.q..P.....7.N.=.o.J.(<....../f./d.7ElW[.e..U.]..o}.".8..V.2TJ..YM.[...D.o..=i.....{....cZE..ucu.#<7%.Qx..k.r'.:.Q.:].~.g.4,V.2 ......."t.....M].j$'..C.G...8.}a#?...'.:.....5n.0@.......C.../e..q%.t`".3(;8..D.vv.e....^m..............L,......pF.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):253
                                                                                                                                                                      Entropy (8bit):7.212010768267565
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:XPrRynhGIBhDbuwOUeJM6LRXgoXnLYgko2WEKqFCKZRQeEClVMn:XP1YBl6wOUT6dXganioTE5ActLlVM
                                                                                                                                                                      MD5:5E1FE7120619A6E41462B80182B12745
                                                                                                                                                                      SHA1:BC4A4F787B05AF4DED72CDC9FBE7DA5C89AE10D7
                                                                                                                                                                      SHA-256:3C71B27FF681A1746DF8F60D0330D24E8CAF8FFD5924B20DC45CC5F3DB29CB0A
                                                                                                                                                                      SHA-512:5128334B7FB9AEF70ACE404E68D11AD07C81477459B4B0CD39A3BB93475C707880448D34A4CD05CE468265C9DD90CAB8BE3B0539B8D7B9B48EF9F94B80B9B437
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.uw%8<.`#.v.RY..yER..q....!.;......sQU....y5.;.../}..q.i...`C......0.f2*.."....IV[+..1...W.R.^W+.t........>f.0._.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):291
                                                                                                                                                                      Entropy (8bit):7.295712145193465
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:r/lXz5vlwTaRJvlDb+nIG/DjBYDlQgoXnLYgko2WEKqFCKZRQeEClVMn:TlXzBlw+TlmnH/D4yganioTE5ActLlVM
                                                                                                                                                                      MD5:949F63AAD389EF0A98770E823BC0C129
                                                                                                                                                                      SHA1:6D3897B1990C4043B736736BD06A50481EEEC712
                                                                                                                                                                      SHA-256:7F70C2970F185018A2474A1ED5F02D79ABC550399A442C0ACF884C405D3F60D9
                                                                                                                                                                      SHA-512:35966AF10530593011AE866BC5D16BDF6793235F43798CF61B63E5BE8B5DB827942AE1D522F3547F463B5F40C06AFA3E7B6C9DDD1473A7EF14F1EEF50B9D6338
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:=.BB..,d..j!.......I..@%b2bYg...;..>.HBQ.iP.q..'.:.....5n.0@.......C.../e..q%.t`".3(;8...B.= @...1........*FJJ.?.p....r4....[..a...X....c.t....AX.k..m.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):253
                                                                                                                                                                      Entropy (8bit):7.219366635906235
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:++JGINdpGR/Jk6boxQx6goXnLYgko2WEKqFCKZRQeEClVMn:++lNqRBk6bo+6ganioTE5ActLlVM
                                                                                                                                                                      MD5:C8D0F44D127091AC16DA0159E3215F3C
                                                                                                                                                                      SHA1:E2F5EE1DE0C838427D5EC28E8180CB63A2B195CF
                                                                                                                                                                      SHA-256:AAE8F3D4B2EED6438EEDAA50A85A61B647C446F17DBACF7500EB4733249DDF53
                                                                                                                                                                      SHA-512:1EB4C5148B20C7E9D641EA1663ECB89AF0E764BB7B36CB4F48D099D0CBDBBD42CA6843DB4F9A38F51654ED1C2AA912F30E39207CEAE3E721B04E1E1A1A553679
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....D......9...Y.......!.;......sQU....y5.;.../}..q....{"..?CV..:Z.......}.a.Hw.*0.7O..g.\..........q.mu.s.</[._.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):508
                                                                                                                                                                      Entropy (8bit):7.5766145423154105
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:loCdUnhhJkosxfoIPWQYKHgDkmgIC2lganioTE5ActLlVM:loUUGoZQGDf3GloSttpVM
                                                                                                                                                                      MD5:782EB27FD071BC220BE999E4893E4F15
                                                                                                                                                                      SHA1:8E59A33CCA573B7112D63ACE647535C102342D92
                                                                                                                                                                      SHA-256:DCD38AE93C5C0D159F6F4F51837495B4131FCDC3DC257E6F31EDDBB5ECE092C5
                                                                                                                                                                      SHA-512:B14DF7B63582C1711F2D708C2B1C748DDB63562A21553093A61DC1C361F7AE217CEE9F19F2D8E30676269036960C852CB2CC604DD14113720B1F4006001F5EA5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.f...+..\/.....D....F5...Ah.+=.7.A..44..1....:9\y..!.)c~x.....5.........vG....~.9......f.&h.-....-.v...K.{a..-;:D....XDzFG=Bs.s.o..O.8..1h..v..6y...,4....Q.Y... L@`..........-..C.Md..!4.b..M.H&r...U.<%.w..2..i....O...t............LNT.....l.R.F.1.&x.....H.r...1E$..h(N7..|J?%.....t...8.s.U....z5.;.../e..0O..H.D.1...{A...l..o.l.<..r....2.4zN...W.W.....=...4....0..[.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):516
                                                                                                                                                                      Entropy (8bit):7.6327667451701275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:1vcN1vr5l2qJxNl8hxj8bxlganioTE5ActLlVM:1vc/rH2kNKhxj84loSttpVM
                                                                                                                                                                      MD5:A85B007A8EBC2F2DB7DE184886F740FD
                                                                                                                                                                      SHA1:804EE690FF5AFD939BBD885BD766919A18C39B98
                                                                                                                                                                      SHA-256:75EFA13F8E037880C0C826D0E8F4F2AF41A09B684EA4A7AE6CAEEDEE253C0D6F
                                                                                                                                                                      SHA-512:952A87476818CF769E83803748F3BD34EE29950641C2513DA7678643A987B0208DE6998F86942CE5F291B650EC1EBC72DA4DA16678D2C7A2091AF2C06AAE4866
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....+....U......P:}./.a.~........dRY...u...g.:H.k?.YK#&.8e?K.._........7.J.....Q[...P*.%....t.:r..M.[BU.......5...vjl..V5.%.T]..L.........9Q.tVL.h...{.q.iu..c.>*....=[_.....4.....s...I.5.".=.e.Anavw..;wN..~^$..N.a..a*..qI\.x...z.P0!Y....{.9.1.sO._/'.r.@Ar8.z.....%.........T........y5.;.../}..qt.t`......[m...{.tVC.}..K.......0....5.@....9=..^_4.9.E.F.e..{..c.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):248
                                                                                                                                                                      Entropy (8bit):7.150473275981831
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:5s9+cTZOyyV+O4L0ls1rgoXnLYgko2WEKqFCKZRQeEClVMn:5aRONlyganioTE5ActLlVM
                                                                                                                                                                      MD5:F5B83AB1D9D207F8A46B665086FAA93B
                                                                                                                                                                      SHA1:CA579FFA169665B115418808F382E7678AE394D5
                                                                                                                                                                      SHA-256:DFF04323D9CDAD30226A472F8992C7F620276BD6CDF91B2DE91218235F7B7A88
                                                                                                                                                                      SHA-512:2AAB87DECD23688D87E9CA004FD4423835BE5F7109D563CBAA6072DB2ECB972950FD03BFC048A56B54EBC19651F9BB673659D16609DE8F2B227BB1D83600B920
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:t.H4o..$ic.o...*......G.D6[h^U....yg.;...,~..rw.t...p'..CF.L'.[.....R>d...Qo...Wt....o....sq.K....e[V&..-y.u..b.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):552
                                                                                                                                                                      Entropy (8bit):7.61027931146907
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:YGxa8vliJpRof6HHnIk5aKP2Ze2DToiCfSzkmgo4ccqumganioTE5ActLlVM:JvlEpSIHJ5MZekoiAefKcaXloSttpVM
                                                                                                                                                                      MD5:71B3F6EE0B9A1FD7C8D0FC782CB24900
                                                                                                                                                                      SHA1:0F90549682F8157F7684CBB11537946642C97DA6
                                                                                                                                                                      SHA-256:3CFE9FF37D0469A5A3CDA53737B06608230B0DCA2E98CD7A38C1D293C5E30534
                                                                                                                                                                      SHA-512:F4F051C9C860EEBA3377A861AAD087749A90AA8ECB1D520BD2FF7D8F3892FC84C8AC180AEF0555D053623F0A96E1A6C49401818DE758B84DB722527559E7D7FE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..Sq...<.......:'lb..`.c.j[..h*i.y.Ct|..c.>D.+.z..$3c...77....1.o.c..../.,;.hK..6..hZ.6y<.0.(.../~.#....KW...!.>*mP.z...3 .".....tM9....J.M....^..S.C....*....E7..>....K4.6y.+.. .y...T.w...:..g&g...NS...5P#.*.Z.{>4...Of.`H#.....A...C....C...^....$D._..$.X"..?._.@..;j...6.3..]{...x..C:.^kZ.c,.b.d;.}.2....h......w%.....t...8.s.U....z5.;.../.K.|s......^.Q......ir!....}.9..;YI.*.....='/Z.r^.W.7I.....Z.[.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):563
                                                                                                                                                                      Entropy (8bit):7.583104881773602
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:OXlHfbsislxhrOvMS5tddnkJM7umgZMJ62Mxrd3DGSxganioTE5ActLlVM:OVoiMhrGMSpdke7MKd0rpGXloSttpVM
                                                                                                                                                                      MD5:57D42751E57B1B03F7CCABA0CAFFF7D6
                                                                                                                                                                      SHA1:70E1AD9044A89250DF246EA788053514A2B84777
                                                                                                                                                                      SHA-256:F6511BF3A299ABA59587405F09ADE58D932BE083E87AFC46A989FD72566BFE14
                                                                                                                                                                      SHA-512:EAED6270879ED338BE2C5BB6186DEC8A5EC174C52438C2028295B1E0C3F2C77F3DF600ACB508B6A2BD636F575307A1B27378BAE8B78DF99F0865495A4FDEFC8B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....,.P..i.q....,BoO3.I...U...W...V.>w....S.....@..!*..N@.N....;_Jxd.L1...^.[..A....OX....)....Dg2......Jb.1{..3...9.L..K5.~p....v..]...3{)..r..k.T6i...#..u............M..0J..x.....q.8S.Y...\j.W....y.Nvq.2...E.6..tS.2ZH..z.8.7...ys.....l..S..'!..#..3.U~.Y.E.UgM.(L.^D.._.4.t....gE.......p.$.....).n..q...S(...;.....%.........T........y5.;.../}..qt.t`E@pNN............7..K.. ...."..Yl.n......:.u4".l.o(G...qDd.b.c.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):283
                                                                                                                                                                      Entropy (8bit):7.244985009448137
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:LtiYry3gUCJ+RArv057R2e7goXnLYgko2WEKqFCKZRQeEClVMn:BiGFlJ+RAraR2e7ganioTE5ActLlVM
                                                                                                                                                                      MD5:C3CBFE7A9B8995E7165253398B472714
                                                                                                                                                                      SHA1:7FBB4DD8EEA1D220CA2DEDB24D7A030E67261A48
                                                                                                                                                                      SHA-256:17671DA3B9AABF92537306918D6F2370BDCFFB5658F0E96E385F185FCC91969C
                                                                                                                                                                      SHA-512:6440D04945C8FB3C3D765F7168023F23E14F1DF388B2A09D1958E9A2A639E793D305CFB0DF2654461755A08F7C914D9FA8B67760AFA6C937F94BAE08CE73028C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...#.K.kV.1.N.....}ND-..>,\.(*.q.Z.z...g$.........}. ..$....7..B..5~..#w.t`".0(;;....1.G......VnE....w.].....g.#..zn...{!F...;..b^..w...........<l.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):731
                                                                                                                                                                      Entropy (8bit):7.701363269150799
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:zC2OqVtgFEvSfUVjzReEHmXkQOlMlLf43S47MdRZA7NXWRbemlganioTE5ActLle:vOuwZUFleEcblMiXdDA7lQr6loSttpVM
                                                                                                                                                                      MD5:08DBE64B4BE48BF8537690FEE0EC96E7
                                                                                                                                                                      SHA1:57D21E85D18B2FC9F96B8452654C6219F2164A21
                                                                                                                                                                      SHA-256:B203828EE05BFA9049193D8C1430EEF84CEDCF9D234E514DCAAB697494C24EDE
                                                                                                                                                                      SHA-512:F0BED1EBE803934AD4DD939F20A46315FC6FC6798E4C2AD175D3ECAF259ABE8AA9DC1B84F56E683C3B5D50675EC36369DF2EFF576E53891351EBDF3BBDCCA4F5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:".x .l..*j{..uo..>..5.....Y. K?..6...[.......?...x.{o{bN.............F..>...2.}j.#..i.F...*$'w.(Q..9..d...gB.o.`..n.b7[4&`..`..rM..A...D.Q.u..kp.\.Rx..bg....5Q.<Sd.$.zX,.+.+.c.U .H..r....9..4.].\0a.....rW.{I..FW..7..7t..l..<..O...Phw..?x~5..Dr.1jx..X.:....r.BFB...9.A.k.M.16.Z@^......&......!...r...)pl....5B:?%a..T..TP...M..=U.'V._....-.....-5...gP..Q......\.....5.......h.*@b.).....fY....~.........0..,N..I\.<Q....q.>......4G.D...[h.. .gk..C&.......P;..F%. .<.....h...0$......QC.&A..qh.t`p.0(;8..........B....S..C<..!s.....\;.Td.5.!.p....E...W..-.....O."E..0....q.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):283
                                                                                                                                                                      Entropy (8bit):7.250411181014531
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:lz2FLBRMJjdJ+Rs1I+KBzx43klgoXnLYgko2WEKqFCKZRQeEClVMn:lz9jdJ+RRr940lganioTE5ActLlVM
                                                                                                                                                                      MD5:8D3607758C6E2C42BC4D7D7E797E05A6
                                                                                                                                                                      SHA1:571C1BDE6A274644F0F40FF7D4549E2753747C35
                                                                                                                                                                      SHA-256:4A1C0DB5E3E9D7D2B521A3D514F73AA477D97232E433B70C0E2250FFD3E14EF2
                                                                                                                                                                      SHA-512:7A6466A21EC27720DF1A2E096025638E1A73BA7B5CA2435EA4E3ECF7878CB95295562721E97A2C8A4593426ACF2CBB39BEC69E5EAE177932497F6F51B11E2CD6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:Y..>..-..E.,.q.B.a.nv3.r........i...$.........}. ..$....7..B..5~..#w.t`".0(;;..@*(........h..h%}6....}..U.I....).rd..w......3.d.p....k.mDl.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):20712
                                                                                                                                                                      Entropy (8bit):7.990688330380757
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:384:46MHdh2AdSsngh+eVkXbxp1bn1qANB5gYZkdjUQUScZZ9fiuHmHfrh6dC7jp:46IdV7qANB+YZkJsZ9fbHm/vp
                                                                                                                                                                      MD5:7EB01494316B21C3C3DBD0A84140B1EE
                                                                                                                                                                      SHA1:32A03E7698BF6F90AAC2B3A42880F366E7009A9B
                                                                                                                                                                      SHA-256:26E14432386008451C2C856F8BEF8D86E13BA64BE3B1669B42FFCE825B60F55A
                                                                                                                                                                      SHA-512:3680CC8F73C0A32FF200456B95A4802BA6D6870497C80BB81E3DEF94691B24A1E59A38D5CC0D3F0D39146708C073306F4543F37A159FAF421078D5862C2679F1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..'..@..+K.....fWs.T.\...X1K ..a......7..b..t5.Y.....H%J...&.....yC(6.{:.s..9....J....0........jH.9I.*N.3......Hs..)...B)....Y..Le...N...d..\..]..SO.T|..pk^.p.kt...,..q...4......&x....c....zng....Ro..n..U.?...B...\..<..e.:\g..=.D..2.r.bl........W.3..Our.......X(..&..t..fN.NwH'R.E..-.....8C. ......v,Xu.b..L.RT........'mp...J......d.....N..9...P.........u.I... .M..i.s_.....w.q../.............U.....-..N..9....r....^.q.3..5.`..Z..g90B.._..L-Q.._P.o....F.2..&i....eA..nM5..:3..B.;..:.... .....,..B..9=.}.OI....=.....|6/...0?lh.0..l........m..:n;S....{r...k.L..J...S.Y.B..s|0...d.=..Z.Gs..fp%!....Sz..*...Qc?.H....5...o..#z..5C.?....6..~.F_\......4....uT.Zm.t..F..).,.oZX....Zj...v.jhO....dIH..W......4S....@..`K...F.-...\.~.A...[.../.............v.p.>>...Hn.....cnTH....b.r3@...zy..tm......v....j...^6../2\._..`.....L.".\8Wy...S.f.Z.9.>e.\M.0.b.K.A.U..A.F.......r86..[g7.7...b.<.........9?.tz.b.l.Cu..wp$.~O.;7-.W...S..X.;.........:.......0&....l..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):314
                                                                                                                                                                      Entropy (8bit):7.267484035369877
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:/9mnn5IE9OdAZY74O6NGBI7rgoXnLYgko2WEKqFCKZRQeEClVMn:VmnD9hZs8VPganioTE5ActLlVM
                                                                                                                                                                      MD5:08402C2FFA32DC6873A8E029F6B0FB78
                                                                                                                                                                      SHA1:EEE8DF788C223F0E20CEB5E3575402516A050346
                                                                                                                                                                      SHA-256:BC3FEE8BDD8F8AB58BEFED1B78E7FA85D449819E00C57B3871CA95940BFBDC98
                                                                                                                                                                      SHA-512:E01799D1FF182393BEEC866B29FD255CE7C39DCFF6513FC7FB337414CBF3D3549546CE8CD7B320CF5B082CF2A4E37EA6238FCE8424F715F48B3C6D7269A44D1C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:_..1n.&~PW.0.$.Y.UIdQ$.f_2......x.tK.%.vv....f>Crh.....kR.'.*.+.....J...u$.<.mF(R..b6...]$,y.2.2(.8......6.......F.*.<n5.@$h*3.3.1M-m..Z.[.N0.....]n.W...P..d..X.,.}M...........y.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37113
                                                                                                                                                                      Entropy (8bit):7.994202324597074
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:1tUPhMfxpwaNacSTr3cPxgRfwMp9SPcyf99mff8975hTCBoKyXLpHP3ZY:wPw7waDoZRfwGyf99e6TCBoKqpvJY
                                                                                                                                                                      MD5:F07E2CB7535E26D4B2D42886B1985C93
                                                                                                                                                                      SHA1:6C0B6AFF672214AE262DB6D5F44836F39CCDE671
                                                                                                                                                                      SHA-256:2F724BA70B937467D36D3831A4B9334DED43B430E251FF2F7F8C5AFDF2F086C2
                                                                                                                                                                      SHA-512:656B847CC643E60A6DD8BCD47D7B6B30778D46265FDA2922377E08AE45978B109930944DF2187F2F8F80E7F3F8E32E28C1BE9C9F7ACAAE017B07B3A72B368836
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<g.[..a......*d.C.f`Yf-e.[&@.U-..6.m.wF2..y..U."u....En.....m..`.t..+..8.....W.%P...Q.L"...|...1.B..(.. .<OGe.L.t%..7..k_..y.zPT(:cud..A.K.,.:,P4.F2..%.....LA..m....2p.A..m...f.|@k..*.......+D..$Q._..6~.b:.6..O..!.thj.......A...5c.:..|H.*..".[hp..5......)..... a..l3h.G.....DLd.....i...[..?...X .....8.k..,..P.y..i..aN~...L.'8.T..<......@1.J..I...y..1.\5f....|y..m..[3........Gb...,>.Z.3q-.g7.U..r.g.zW..pS......X...ocf`|.:....H.Q....".QG...c...]3DB...]...6.su..sq.zQ..ELhk....Mp]7%r..O..VY..[....`.:...m....L....B..rL~.......W..J..g{...b.........@....`../sG.X_.8..V.6.;.G\N.=6.....M.....~.g.-=a......j......7[K.-.X)\6U. O.EF.\.i.j7..{Fq.S.....1A..y.9...98@ETV.>.......]....,=...r.1'}.B.Q.....?.1....9..%....sh...w...0.Z.6..."A....TS.L.6R@...!.VL*...;...".L.hh.H.k.t."H........V%..\..F .~.)...#........#.U24.P.'..f.r...JTy..]Y...W73/...Jg...GfL.P.....U.k.......^..{..^.m7.v*.,........K...Y.Dtn.:..[....lKznQ.R...Lf1aB.V.bm.#..tz.....\...0.n.....Uk{....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):629
                                                                                                                                                                      Entropy (8bit):7.651827169201006
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:/hlQoFMxe2jjYcu6H4eZj54tlAztXTtAf77OPYJIFibqjganioTE5ActLlVM:05xjjJu+l8tuxZAOPYJqinloSttpVM
                                                                                                                                                                      MD5:48FBD2D07FDC9E0BAB04638FCEC53BF5
                                                                                                                                                                      SHA1:03236C967F5B289BC8A465E32232762D43F08D08
                                                                                                                                                                      SHA-256:ECCC9F97FBF68892D61E7659E574772735F30ADA36CA9D9FB3F792CB76339627
                                                                                                                                                                      SHA-512:AC46206C61D229B77711263A40F6394BC72BE8205E301CD9D3DABF2BB2B6C925B900462BF13EFB432179B4404A70A126466996BAA9A7192937C7ACD48E9E35B2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..t.M...}.....H&.`X.:"c.b.".........J..r....."V(..mM........&+_.]R(.....-..R....S.=........#86...A.{...Z...:...k)...*.g~...r..~..LJ.............qW.....!r)..t_.=a....:d.D.o...NP.I.Y.F...Rq..F.'...8...q..9J#g.b.I\@.2..\..j#..e... b[..YU..u^\.D..^\..['.8.!O0&{.M.\..=^V..q.x.]/R..I/.._ Xy./.W.... .0..."..m3.......2..2..=.....#.g>.m.9...3..._.2...H.....p.\y...fW.R&G..1<.7..m..-.Y..kl.....W........y5.;.../}..qt.t`........i.|..../..N....~..i....m..@.^8tU...U{w^.....-..i.W..c.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):248
                                                                                                                                                                      Entropy (8bit):7.139364858634395
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:W2T+czwldct3ugilCpSXgoXnLYgko2WEKqFCKZRQeEClVMn:ZTAqxiyIganioTE5ActLlVM
                                                                                                                                                                      MD5:941FA6788884A3274C0E1AC61732507D
                                                                                                                                                                      SHA1:9401E6259BF1DECB073020DD089B40BF6CB2FC03
                                                                                                                                                                      SHA-256:668668ECC6EA0F9DC2BD76A6C3C774EA0C59AD794BAB4E8F7D701C46E85CCA02
                                                                                                                                                                      SHA-512:120ECB44F70A003A2D1737D38B764206D90E69CB6294BDFDC3AC7BDCDB2AA43C8CB6B33F1431A3BA614A43DA897D2F153332C0FEF5B68D8E34B3A2C716039A04
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..j.:fNb.p=?.k**......G.D6[h^U....yg.;...,~..rw.t.;..j.>...}P1.B..Lh.bD..o..I.....wa..z.\V-7.r.........`..X.--.]b.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):540
                                                                                                                                                                      Entropy (8bit):7.6275347085587715
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:5WVEU9gEFpW3Bfn9ArUGh1rAkmgWVAjr1lganioTE5ActLlVM:TMZF41nSAGvAf7M16loSttpVM
                                                                                                                                                                      MD5:E4491D697259BF947507594C9B1C9959
                                                                                                                                                                      SHA1:2C0D94FCD5CF6F7F397DB319E538D6632CA60B61
                                                                                                                                                                      SHA-256:04EEAF25A4FE85A416A05B3CAF4FBA5FEBA8658160C568E378EF1D78B83BA5F5
                                                                                                                                                                      SHA-512:4A4A74FD74939820812E44C2FF08712417FB715EA9CCA04847F779483F1279305FABE178A99DDEC53E4B90A86C68C91859BB980DA1BCFE8C982745A513980334
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:GM.^m.2m.y.$.....r....t+.y:=.G{...VV.....s.z... ..f+...Q..I-_Ek'.....u:......Z....`...[..".....8......V.7G....jg..lxR....f.{m.B....=k>dt....c...=.;...Vbv...xh..j...^..]/F.........sxw..!....d.: ...,.2../U.y..A..r..#J..uD.y+)....6...T%7...%wp..O........1.D.^.UZxv'...5H{c..Q...VyH.\cF.`....m....Fk..;ug.%.....t...8.s.U....z5.;.../.......:c.....#O...........RR.R{.?O....95.-..w._..>.f.....LV.N[.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):551
                                                                                                                                                                      Entropy (8bit):7.615833517263329
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:/YMUyi7H+N5FvV01N31nmd4qYHolpwmOlganioTE5ActLlVM:/YXZjqK3cd4qYYp+6loSttpVM
                                                                                                                                                                      MD5:E53B4D4F980361E42D6509B33E6A08DC
                                                                                                                                                                      SHA1:FB0F964A0E2A1CAE3650F0CC11DBA9BD372F11F3
                                                                                                                                                                      SHA-256:4A775ABBD8202FA80FDC5FBE7E79E2A2BA47653082056056B2D23B63AEC285F0
                                                                                                                                                                      SHA-512:7F61EDD2F530F20AF4DF5566F9D5400CBD916E5BE106D3443438E4BEDA8BA367FB8509D648D431632F3CD55221941361831B879D0CE30BB97F7371F1B213439C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:~w..O)f..5.p.fr.5.!..'..*..J9........hWh...l.>..Y..|.;......I.K.`-.@P%..8.:....X.E.|....dGbQ......]5-.h..z..*j.e.....A..y3k{B3.u..O.....5.+U......p..T..........*..Q.k.t..Q..x...!.~..}.+....IP.7...g..U...U...T.?|..'....A.rK.../ps....b.Op.fAM........E.8o....-....cyC.X.{.....e.=i#..{..=.R-.......L...%.........T........y5.;.../}..qt.t`..._.^*C....o..N...3...^...........@.Z.j..t....&..'+,HQc.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):283
                                                                                                                                                                      Entropy (8bit):7.244985009448135
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:X8rgLbsJ+RnPtWYlJv6cflgoXnLYgko2WEKqFCKZRQeEClVMn:srOwJ+RPtDJVganioTE5ActLlVM
                                                                                                                                                                      MD5:5E3D321EFFE97D978F4322C4C05C5CBE
                                                                                                                                                                      SHA1:812BF7636B332461B84621A809948B0800A0153E
                                                                                                                                                                      SHA-256:269873548AE27CDFF4FF8767192FCA6666964A50982FCBDE0C866015AEFB025F
                                                                                                                                                                      SHA-512:35ADBCDD23F682B6B1A22EE33A001B7C623BADCB6E268AC639EBE216619DAD5E65966E9EFAF8313264B0F6F26FD190D635B7843167AFA64F584AA1D2B3C4CFCA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.>....&T)\.?.T...i.....v.#...XV....k.G$.........}. ..$....7..B..5~..#w.t`".0(;;..@K..~....D.s.8+k.B ..Zx..:1..E.og...(u1,..^..]V..v.l.~YzH...l.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):131313
                                                                                                                                                                      Entropy (8bit):7.998477690021457
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:3072:cWw9XNfyAyxX4k5cXHUm5Ae7M8qV5npI0P1YA3iseyB67:cVNByAyxX5+B5AKzInW0+A3isLg7
                                                                                                                                                                      MD5:9C31DD936C40E59721D002C62D0DA73A
                                                                                                                                                                      SHA1:3B62C882784BC9403FD75BA9577D7820870CCF18
                                                                                                                                                                      SHA-256:44EB1A5C17FFE4678C2E5987D37784F623F32D1C41021BD12DE5598ECAB14DE8
                                                                                                                                                                      SHA-512:9DF9C61BC9FA297DBD222C4BB1E522A06BFC712A5A466589827151E610AD79171D9F3E05E031567AC2790ADF73C635DD08220997AE47413D69AC1D47F17C2204
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:D+.../.....a.=.3............9.,T..=N...Z...?......*ud.....q.&..#\..$.q.E1..u..1;...^c.6t.M.W..{[.d._....^..w...(....Y....6...A....^C.!...%...X6.8......!..tE..T...`x...U....&z.y.`.m$S.c.zi>..O'Gv.,.Op...I..a...V.q.#....p......Wp..Es'D.....xp....[...Y..4.{.t..a..I..AR.R.s...Rh...6..n......mp..J}......L....NI...F........^Q......XU%^..ha...!...B7.7]..*o);.g..t...?....zd.X(b.P.....P..E.V..Rv.}..Ex..m...x..n]Mea.....2.....pS.....O.4.q.{0.;.3&.....R/..H..%..]+'.v8....V...A.+PQc....#Jj"..c...:.._-...g.....e.S.....GUK.RY.5.o...K..Hf.^....|tS...^.M-H#...... .i..ny...{.+.qq)/.($...U.c...`._.....d.wS.).n";C.....R..O...6..'.G...i.k.4.....;\.~.......[)(.C{k...#nU...QY;o...l...2..-N..K...I "Pv.?cC.R.>*.F.(.Y.{z\.oU.......}_p....-..N....)x.4..........,5_r...Yl...H.>.9.Wq...(~.F...So.Y=dB=.x..zyX.w ...J..tm..)e.(.?.....0.3./y.u.0ho_~.Hz.....C..=wx!..a..N...#2.n..-<}../He.T....QL/J.q.|.....j.j.....4..,.......I........+7....J0.x;y..Z3.<...dae9q..[....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1487
                                                                                                                                                                      Entropy (8bit):7.887845091417057
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:rx10yiYtuamef7E00u6FB+fO6hO+6YwSTHYKcO20hKYOGD/0KL2yYWh4ePTloStq:rTcM7FE00xFBJqEXwH4O205v224edtre
                                                                                                                                                                      MD5:807DDA3FDCC5FC7EFE67C68A8DFBAA44
                                                                                                                                                                      SHA1:646AF33D7EC6E57DD81A91713D8F7EA0CCBFC413
                                                                                                                                                                      SHA-256:F5CB070940DA4C582236BFAE0E009D7C703691A900EDE4B1047707A8918EFDCC
                                                                                                                                                                      SHA-512:4C7DB41F0E15AE26267A2D8B867C2DDD2221F60F796E81662D71A117F0650E4008862728B09986C4CE79263D2CA48B550BDADC1F9BB37D8438A15E8A87935909
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.z)..I.u....D..f...#...r.../.m..{e]W....H=./...x.i.'tk.V...%r.Q.R.H..?z0..le.~....HQ.:.p.CEt....z.....J....k^.......v.r.?.o....+..<G`d..-;..1eQ..Wp.^.:...*.\P6...AI/...v..-8...7.....J.R..*".......Y/...[U]...}....J.0<........L..x.H.N.HvN........e......;....N.C......*..`..&wV.O..nE4...o......@CN.\.......@.4G.Q.....o...[.x..O:.%"E..x.2ub....6......a.l.....N.q..s.A.y.]h..c.U....kV....JZK.5..j.^]...6.j.-Z.0...K...D...E.../..........b..{....v.8..k_..../I..{....N.gm..4.p..3.c.g.0..3...XV.M.^!....Y4o>qIX@.D....:..K..e.pi.!_8YT.@._.f..M..3.......L..V.]..U..o..B..;.._.It.....k=.~.C@...w&...|...,.....5..R..8.wh[....|.9\..G..5Rn.9jh......y...2....cakl....j.......g.GSI.u..v.....?..&\#..OMJ.eLai.......}6/.g.....b...jrdE.e..>..m..Qp..DD.....{|.W.-.1-.R.<.,....M../..b.<$..{........n]u.......r..LWG.Z.}..t.*+.e....>d.td.9..........M_..... ..|Z.j~.......#...b!O..?|.E^.lPap..>...1...]F*a.{.S......d`l....-.s.N. .2.x..w=.k..O..P...g.s..DK.9\s..d.I._..gS
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):185350
                                                                                                                                                                      Entropy (8bit):7.999151982194353
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:3072:ZiqJmjcJQFINgy81oHzwqyIRjNbHnurIHA+2qA/e3dc3UWemMiMQQSSWlLys/grD:hmjcJQFNKwqNRUmwet4emMJMLyVobgDF
                                                                                                                                                                      MD5:0546B1E696B6564E63BD857E214ED807
                                                                                                                                                                      SHA1:3508241911AACE233F5693ECA8660482E431EEA6
                                                                                                                                                                      SHA-256:E855F041EE560EFF873D89834D15C639A9F32345DFDF72501B49DEEF1AB8BACB
                                                                                                                                                                      SHA-512:5756894C6DF0824D3E637ADC5879044D112A3F9FDED53F6A34B5CA2D64C7F4631A801442956C63547EAC994BA90B3AB0EDF2D7EC81EF063715519C2154AEA302
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:F..>8....{....>..Mw7Y.w.w.X...c......l..u..L(V..U.!e3..[gz..Xw.+.E...>....}.t.a%....s.X.(..Zn..$!.......81...:.3...RP..t....QX..W.J3.[O[)...H....'.9~..gF..o.Q..v.....]......@... ..4`:.-^....x.6P9k.x.K..ic.Q..r......XJ..T.6.o{.9.......L@..(jheP.....$..:..1.M......t..y...nA.;#'2.L#p#..M#..e.......1..u>Uq.zk.. .[...V[.N.<o.".F....Yh3..?..0..2q.#..*wI....s...*.o.G...B.P.....|.........[.+..N.....(...=I.... U.D.,qM:?.IfK.........Csf#;.I.A$1TW...Z....(.v.=. ..~.sO..2k...s5#..{\g'...F.*..tDe/dM..wa.g....rA)....M.....(...*q.l.....q.iL8._.!gn2W.!.A.......+...*=.........51...!TQ.....3..rER.....f.....{.3..P....e]..5.&.BY2.&.O.iW.>..S....@...B.G.2...V....B......nNG...0.(..3T.....6...xb+.[.....b....,.wh...4.Vs*\.!.>s.n..O\..$.;c.qM3.<5....c]...f.Fr.6Z..iVX'.L....p...ms.......8<......'..E...oa..s..T...K.C.........f.~,....S.jW..Q.....]...H....."..q.........u...Z..y|.7.w........j...3....i4`QP...a......U_HR7 ...L.,..6...^..V.6...b.(@...{..8..;.RL.yjK..>.FL
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):11124
                                                                                                                                                                      Entropy (8bit):7.983276421901345
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:inKgjCngj6j9hFya0bVDxfK5j9tyXsFgG/d4i8w5DHkabBHk9m6/d8JIZjbdT:iKgungOMnBxfKdLyXQgGyDw5LLbBQd8A
                                                                                                                                                                      MD5:C45EB7390AA731125B95C7680C4C4797
                                                                                                                                                                      SHA1:285D5B2F023651DAC55F0692F87FA0BAC541B2FB
                                                                                                                                                                      SHA-256:65944D1D6F5652F26A62576B17C7F04D6CF66859166E2FCF5990E0F1D9D6CB99
                                                                                                                                                                      SHA-512:FF7084BEE09B063A68080A7CF628B75CC532D771491B6D66931EAA6697BECE9CD0357CB1273CCB02C8F0D65F0F302D0D593FC31123F3BCD0DEB56BE70B1E43AC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.JY..z.lo.7[.I.b.M..)..Yv..o$|{....Jn....z.A.*..tV."..m..7.Oya.;..s.Vv..~[...th;......J.r.2.......'...ao....x}.ks.=....h2NmO..5.......$.S.c. (2v..,.j.j_v..y.....Vr._..A5%...../^{.r.kl....)......&.;.^!.r.....bV<.(..... ....'......D).......!=.N.9._,~:w_.)[......dl..'T...KCzvK.T6....h8.GTd`u .w.X.]..........az;C'T;.. ..."cP..d.N....vo5{......K.LX....a.;.....aR.A..<....rF`I".F3..=.f...P...8&.j..w#I...J.2.^..~...A^...r...U....4.....x...?..!..\' H.9.40*...4A.!+.S....\I'..H...{.G..9}q;.=q.8N:.....H.7:?.D.L..-.....q.O..8{.^:Tr..?....^..(.5.c...z.)....k...|+..F...5.X....:.....b.Gy5.....}.H~.....9c../,A.v...(.....[Y..B_...#va.l%.$.:.K....zf.2$.aNE..X...1.um}. .0...]C.N8.t@.{.l...+c.:8N.Lqp......l.J.J.M.....j.............7N.m.....}.....>..........!?...R4AdUKG.,...t.x......Q..ZG...,N.MsSu..6M.....|g.-Q.T..6.C..`.....;...rP.MvBP........v]4..e.y..s.&.....b.q..!..G.....K..awq........".......S..k.[2d.>9........vN...a....| .F.x...k..@.(...8....U....YS..$j]..Z6
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):243450
                                                                                                                                                                      Entropy (8bit):7.999161363962446
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:AJyz8nkIm8uBLCyjMpJRqWY7YhWQLB2z4kk8oZODBIV3t0eSy3Xs:Uyz39oyIpJm2DN2siG8CLVSyHs
                                                                                                                                                                      MD5:611CB668B0BE69E360AE909B591D44B7
                                                                                                                                                                      SHA1:51596519783906AC5B29118B201E9441D9951954
                                                                                                                                                                      SHA-256:41AD2F8337936EAE293BE47C11CE3444A607EB91022C740C5EDBC73A589EB8D0
                                                                                                                                                                      SHA-512:EF377138016831EB5650E04F477CC9A27E52DA5FC047A2EA4792E51E7CD999A9BC23FF8FA4AD931CCD5CCB80A08AE139E00577C734E002ECCFD26975EE8F5FA0
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:...._0A..>....I7..........3.......4.z...([...QO....=G..m.).J....21=.&.-.Rx..3. .\..p.n...A.. ......^E^....V.....6e.......pl..\..j.E.i_.g.#H.....QS...7.\..P.).V.6....ZJi.|.+..s.2.gC.H.@X.....{...k..^D....k..x......%..VWccp2......u.6..7z...`........y.6....*.u.c.|..z.c!.....W....e..W>.F$.[....1](..+'|..R....*.h..$.`..E.Z..%P._..CWb...0...|..xi....B.n.).^R.6.\r.'_.N.tw.M...Ne.As..J.J...#..:...PG.+........F.p.f....{.C..x....9Y..O<.Z...a.../].QD....R....wX..S....!..d.-...+...G=. 81...x...7.x.7$].$......0..Vo.L9...Hn..A..,ud.b...$p.CD;....M(..2D!.q.5.3......)..g...;..7...d.....\..;....=.]......^x&Z... ...gY.c..e..s.w...O.|#t.L.QtK.......JOFx~%^s.g.d.fP'En/...R\.....=X..P).I..R....].).\.dq.......S.5.{.|&v..=S...%..<$D.(..F+....xyC..L...)..!o6.~...Up.0.{"...Ey....\JD;ug.t.k.9!.....s....*..8.RE=.....i....@N.)0....H.H.GH..N..=.\...o..q.s?..6...y.M.-..Q..N.$J.6......k.*..$..7..W.i.'..xP.%P..i....*.W...?.....4..hY.vV.].5.9.i?.....[..N.QC....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):556
                                                                                                                                                                      Entropy (8bit):7.605483437491497
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:9ntmrnvH9Uz2qBhQMNe4MBtyFhOc9gdYrOqYjBSblRXganioTE5ActLlVM:9nwvH9U11e4AyF1MYrOqYjobl6loSttw
                                                                                                                                                                      MD5:FBFD2FBB0BF12DB4CDA6BEEC26B27A51
                                                                                                                                                                      SHA1:1ABCFBBC3E273CBA6A5AEB4737E7C00853B49BAC
                                                                                                                                                                      SHA-256:62ED7E2C3FE4BE8220504475E6F923CC86FB64CFCD31DBE45377FE2C57B66EE5
                                                                                                                                                                      SHA-512:49F1A839BF57349DEBA92425DF5B93AB94A7159A5498F1533B75DD56AB1AB02B165531FC264BD2C7A0CF6F8C167364F2DFFE6F2E3E5400EDA21BB28C2290FEC8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:........d..5.l.....cP......s...N.LN.V%O.C........{...tT. .b.D"x.#...1o)%jw....7..q.JS.D.g..........._FXN...~.yK.__...N....r.yD.ca.F).J.B=1..Ah.g|...q.:....u..........p..Y9..........3D..C...Lw+..[..^..b.7N..............t...X..P...!.LI....7..(.d$x........i..:....r.5.......(..........'E..y.=......|...cSLqd....q........g.......D$tP....W...X.3:E.@.n)...H....+..]r.....j....Z..'.._.DX.U@.f..8...g.y..h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):560
                                                                                                                                                                      Entropy (8bit):7.679917841475828
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:UbUtBrkx+xg7zDAukLsuSZY1HNK1tF7JES/MaUMDCV/VganioTE5ActLlVM:hc+a7zDAuwSZwwZURCloSttpVM
                                                                                                                                                                      MD5:F72D02847DDEB9E1918DBA8144343B4A
                                                                                                                                                                      SHA1:8501353776E9E568E0B0CBCDBBCAFBD458602DB0
                                                                                                                                                                      SHA-256:B6DDE19354B44ABFC3080B11BC10DC3653A686024AD0D2ABA2385C159AF03D37
                                                                                                                                                                      SHA-512:57ECDDA734BFC8BC160774037C24C1A31E18822199BF9204BAE3421806737BB80D0BF207D27D6FF9FD78BEC52442D5480A1A4BAC2375D8BD570052E1F58457F2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...z.!<.P:m....8.q..M.%.;=..1.5c.ZUS<....9H..}V..>DI...q........(\i.t....x{...'Q.x...u&i8]#....Qm.x.b.g......5...Dh.m.?v....p.Z.%gr.(..O.s$...n...o.........2..W.r' .Y.8.Rm......Z._1..G.Q:...+..O.Q.z.}wLG.8..v.Ag|......V...:.0.T..R..naa......#s..!uC...dqCb.NS.....mSfc.x.....-.........J...!$.+..9...yy....'./d...c.Ni.k...|/.5....Q..D$wS..#..KT.q&4<.J...3..\K....H..7..*q..p.j.....IS.|S>..\.TmN..,.[......u.y..h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):557
                                                                                                                                                                      Entropy (8bit):7.669967379420297
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:eEgyKTrAQUqhkUIIEvU66jHiW3FP+2GganioTE5ActLlVM:eEgydUINvYZ33loSttpVM
                                                                                                                                                                      MD5:818650356E99EA5E9746957BE8E4B03D
                                                                                                                                                                      SHA1:2C34B6803EC7CEED9FE1A8BFDBA5D1DE1BB8D5D9
                                                                                                                                                                      SHA-256:8DDC7198FF8DCC085EB0FC075698ED70C78197EE77D49C3F398CE820F1093B97
                                                                                                                                                                      SHA-512:16F19DBBC23A01E20AFA451AD4313F332013BB2A218D3C4CE9F5127C11AEE2A2F904A54E3D030CDC9FD466D14A684AD8FC4169441C4689F05E16048DF6D50AC4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.J}>#.hW....R..iW.._N.`......T..l.Hg>..7..3....;..R..dX.H...PS.......%..G..D.F..{.]..V...........q...M..,./..`F..^|.z_...R..1.sZF."JEN......].;.}.7&"&d...:.t.........^.{...'...r-.%<.{..@J.a......'.).>.p.......M....l-Z...*.g..<.. 3.... ...6.;....$i.5...A....h.j.0.._m......e#..-.........J...!$.+..9....q.....$#.,*.aN.Y+....%.5.......G$wP..#...:.K6&E.....y.!....j.sB..{.c...+...`R..=.).)s.+.H.y.6QD..V..{..h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:SysEx File -
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):534
                                                                                                                                                                      Entropy (8bit):7.637307795266465
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:Y1gT6k2/qtDbALPu8NhgcapECEYm663IganioTE5ActLlVM:Y1VStvOP/gxnAloSttpVM
                                                                                                                                                                      MD5:EF567E44BB7DFCF6A496C6BC22B297BB
                                                                                                                                                                      SHA1:00DA8C067776A72966C96361134F8B7CAB4E2758
                                                                                                                                                                      SHA-256:66AC5A7A02346AF61085233372F5635C28E02C7210AE82E7E47B8C7E9BF34EE2
                                                                                                                                                                      SHA-512:A62CDED7BFF31DC136583BFC5BF434240EFEB29EE4D66FD11FEBFC7006B14D9E5B44F15563D7A0BDA6AF1289DE77648EAFBCCE1CC1B5ECE3A710036DD877C625
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.d..m.?.U;...}..:m.....@].!s....SKt....B..Y.HOx+nl..D|....m|.)..U..?....q.U.(C............v.E.k&.-KWSctj.]0.P!....(....~.Q.1...0.8J...>+g...G...(..,._.....t.....u.D......@.0..V...1.2..M./x.<.L...!..G..R.s..T.Q..zae..(.+...d.F.4...x)t~_'.....p........#.b\-.........0-.........y.&X...,......X...u.U`".b(;8......5..N..#_e..~.3F.#{..?{..eQO.fp.....Y.`=..N....)H...?9J..C.:.d.s.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1514
                                                                                                                                                                      Entropy (8bit):7.876814911892812
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:coS7NJfd72Z1nhjjRyo62+hvCOx87ZZKlIoCx6RmEymGIj8Xw52QgloSttpVM:cnBD2nhko1+hvCOe7ZZKso/8Yctre
                                                                                                                                                                      MD5:AB9F0EC48730CA4E9BEE98E7245BCCFC
                                                                                                                                                                      SHA1:6304A7E9E12391F4045D04426E4BC3EDCF6DF5AD
                                                                                                                                                                      SHA-256:D1573FA042B507C6DF31A8F506E12BBD334E87591885296430F10D5F72EA7839
                                                                                                                                                                      SHA-512:A2797A1354A7632A8451C50BE28B28AC31F7B627160F84DCC09B5AC83D9DB94C39656B4B80289DEC364CEFEFE36B16271B555BE2BD674F0695E2C97FBCD2ED13
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:#P&J1.k._].....e.<w.{D..ld...=..%.^.....b.,L.....so&..T-..`...%6to......P.........{..f:."0M.v<9S.d...-...x.W.U..TR....Z."....M.+..t..{%.5.n.>_.D.....=....Es.l......D..}..bT.l..g.........i.g[o..[..n6.C....3K#..r...R..p/.4.~..].._.@8!.M#{.+1.J.t.....Jq.U......B.r..^$.u8..wz.....1.i|m..*.........y.0+'....3..>G.A.f.......~p6.....CfW..x../..5..../.BsC.O..1..r...XT. XN)...)n#.H.=7...F.W.>.K..0.!n..X.P.T.op.7lI.M(.~LL.f...X.&Q.ULn..(6..`...o."......)..z.eX..-./.5kH.hV.5..)|....w..GkC@$.eB....U]...*.`f.W.....qO....x....Z1...]....A.&.F(-.W..9.S-.ap...k.^k...z...zqd.....+...]+...W.%.a.....lE.Q...t._E.).qN......m...E^*.>N.Xe..b ......A..*&+9h.U..Lm..#J.O...`..-.....j.m.r..D.*.f7\...lp..x...P+P....%..'..T.k..c=.*....'Q..@.^..Y.....0.. .I.s.`a.a.RJ.,N3v..W=!.X......"?.....Z&|XG....hF..K%..p.I8..Tr..#..Hc-.o.....N.<)...B9..dvC....EAGE..w5.M<.iqO...........H...*u.........t..?.Ko.@..[...>D....O.Y.p....P...]M.2...F.9%1.].._.z{-m...8...p....,?.$.m.B...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1507
                                                                                                                                                                      Entropy (8bit):7.882819704122609
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:2Q5aoyYBGKY2pb5JJbF5BLm5CVr7POfqyQENzdDPtgen7EnP0YITTPFZNJiGCBpF:2Q5aonBGGfx5lgCZLEMENHgeS0Td73uF
                                                                                                                                                                      MD5:AFDF7721DD4F979373155369655EC8EA
                                                                                                                                                                      SHA1:CF83660AC49CFB2DFE21E956F28AA15E29052986
                                                                                                                                                                      SHA-256:CF60D243F9197DB8B4EAEF60B0F40FB8102D984F5235B1F02E5A84C702314D31
                                                                                                                                                                      SHA-512:D29CEF54D346CFA9888D64FB263E067ECD98ED24F8E28646611AD983D82ED21E9CB6CE3C09900728B9E76F28192F2A7CA4D7D99BBD1E9A35D8F0A935BD9767CF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.p..wW.............../..86...&.p.[_...QY4b...k.^..V:Q,E{.@.I.aj.$15..yP.....tap.Au@..t4p......W.........<...g..4U...\...L..n.W...m.U.Y..44...O....X=#iK.V.E'..XC.I.f.....)...%.:....U.V........z..B...%....p.....v9`.. .....P.;..-y/sW..~5;.f.m......jV.....*h.n....`...U.[G...6..O..>~.zz.i.......H..4..%Ls.@. .e..... +.F....w..o.....:..(zoX.Ck.....v..5..h....YCk.[..h6.m......R...RS........u..L~.H\9.:..e.mFO;t'.v..U......9b.L.,.U...D5..A..!......7......$NW.GV.e;.....D]$.p.8u ...ui|7..c{..............|.x..m$....-,5_F~...fH.I. .D...el..$H...2- .I+z!..k.~...kYM..y.)_..@..i.p.^8.....V.-..U.)6...m...Kf..U>....+..V....zg...9!........1.j^[RV.Oe0.05...Y...D?.J.......@...Nw..7jr....@.@.o,+.....{L.Sq...x.cT.i.....<..W.X..Y....Z..x..O..7.w....3..l...O2QO..........ncO..j.@.....x?........2...,?......fRq].+.AO0.N.x.>.Z.E..n.:..&......`......h"~h..j..v...*Q.Z zQ...1.~:..$e.\..n...S...&.*....e.0.h.....*.)..T.........3?{...l......z.q.x...D..q.0>;/.T......b.."...7.)
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):552
                                                                                                                                                                      Entropy (8bit):7.615879658663004
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:yJp6+lmSRg4M3j2CLu8cTT7kfjuaWfoWganioTE5ActLlVM:yj6ImSmIIfjutfonloSttpVM
                                                                                                                                                                      MD5:0EAB0CA3BDEF5762E418AA6612B4F6E7
                                                                                                                                                                      SHA1:B16F3613E71480BE5D77D10845BF17D8D59B6D40
                                                                                                                                                                      SHA-256:AC3699FC9B680AFD3E60768413C01B93B74F54EC978E8E41A03EA37667958F36
                                                                                                                                                                      SHA-512:C9EC661660A77A7C7EDC68774AFA89BAA66B2B77D67E29E5743B333CA04A3DB1020C571F6525D1A33609BE8C84250627191F2B6466B89DD9815FEEE581359352
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:t[..)P..+|.%.b...P..:.)8..r.z.z.E>...d..IU... ..;j.m....B.T..3V...).O?o.m.%.....h."...\$..w.R4g0..E0v..]..l.~.&.I...enx.<.[#.4d.H..|.g..`..:.</$&V.$.{r...Q.\...^.....-...?y.P.M..`.........O.U!h.t.....I.<.Eg.P.5..e.Tp..eF......t...k.....%..g>aB.g.........E5.G.._.h....x.....0.M.`.-.........Y...X..y..)."..Z.6k.=Wr.iL..T)......5.......D'wP..;/7|.......a........,=.........yC.R,.I.].f.....a..q..j.~.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1486
                                                                                                                                                                      Entropy (8bit):7.890679887514738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:YadCaM3VUIkqJ+TQio9xFmjz9TaEJcIHAe+7KNtZYAg3LS38AqNy6loSttpVM:YadCanIRATQiKFmjFaCc3beZYlXDNyCU
                                                                                                                                                                      MD5:DD737C28507093F7B5CBEFC580534959
                                                                                                                                                                      SHA1:7E9A80651344C6CF733CAD2D5C82EA2BFCC4AFA2
                                                                                                                                                                      SHA-256:CF2146286BDA6D33E521BEC7440133AFB85941F2DC5F10B7DA57DC990754DA1B
                                                                                                                                                                      SHA-512:43772A2AE888281AD862D41A9DB74CAFE6754635F2F36B5D0841F18B4316C83940938B477C930C8A56909C061BBEED9ABCCB98D45C59DC7F1B7E3B572409216A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.E.7...><`.....`../...m,.........8...0....B7.'...cj...b*...z..W.]..7.....d/.?._B.\.i...K..Z.._..)k..[v.\...7f......[i)..M.p.ep...8...Q..../...?.j./..+~J3O...R.Z..i-.Y..w.J.....0)....z.....X.S3.y6..;uY...o..j^p...N..4O.0(.......:!%w...U@.`r..\k....1....0al..7.p ....y=...=.."....t.(...;J...X|n...q={.Z20.@...\|(...m.J.n.~./.zd'8.V....A....Y2..jn..Q.M...uO.NrQj.}.V6....}{.WgD.O...w....4.. ........%..Z.0qf../....=..).B..w..0..B......}.3N..._ew.\..+.O*.a...h.......H...`..~.wD.e..7.4..,~...=r1...g.......o.6.!.....6"..-I?/."F.Ll...P.\Y.J#pn....T.;.R..5.1....A..o..6..yQa....A...........<...A*.FB.a......j.R...e.....p..^....](.....C..iD.P={C......3J..B.H6..5.4<.d...~.....4..&.k......i`.....N7...!...R.v5.l...C..s{v..rx..^../jp..(A..-.O`q..w\....}..o^..9&.%.UE.Yb.....]....g...d.dQ.i..Q~.........95<.4K_.E...6.S1..q.8.GFL.=.^.9.......H.....;........0..#I.]}.....AeAhf....)D{.WD6.:..$...M...m.:...?...c .%E ..jN.>.#.*....s.j.S....f....+....8E(.O.q."...@
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):558
                                                                                                                                                                      Entropy (8bit):7.601976601847277
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:/YSlalNJetTKATgIgDOUgJJLHw/Ui7rqSVmHlganioTE5ActLlVM:/Y8alOKATvfDb0rqScaloSttpVM
                                                                                                                                                                      MD5:EECF735EA343EC0041030BAE2E1F7D7D
                                                                                                                                                                      SHA1:880AE5A79100D0E09AC333E04CB165A6EE06E106
                                                                                                                                                                      SHA-256:EABF2FA4F96C512E03B0A474D8B98E0EB55C19813050C1761A4EEB3E3FD89FAC
                                                                                                                                                                      SHA-512:A6E6A2766F19A04F612BE0FE94127BC3D4631060F624E280C092F0245A574033961639DF4ECD573102D5965D030545B8267C4CB03D5026E0684E113CB5A3CF80
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..mB...RV.e...gF.PA..=..i.!.......h?.0qAz.Y.v..v.5_./d0;.a...WZ........O.y.Q.&....u.........5......(1...3....J........J...g.....jH......V.a......3nHl.x..L..L.K3!.R..w..+....~?..i.....M\Z..i=.9...f2..GtU.S.N...p*x.s[!6.l....>5..%..|R,6.3.R...k8"...a7y.|.!SS.....&.#>..$..n.M.r..-.........Y...X......Z.g..%.7.%NF)j*VR.J..%.5.......G$wP..#.7.a....|.R....H.......7.G...DV5.vM..Z.~.4;..nt.W&.KW....E|m.A,...h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):545
                                                                                                                                                                      Entropy (8bit):7.59651284131205
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:Buf3tzcTxZlmuYuTcgu2Yi2h79CKlganioTE5ActLlVM:BEdolbYqu2s3CK6loSttpVM
                                                                                                                                                                      MD5:2A74FE3ABADB1C0A4C24DF117E82F8A1
                                                                                                                                                                      SHA1:D9EA05C639BDCE031D2D1DFD35075256D3234B16
                                                                                                                                                                      SHA-256:2FC3B554C6C521EF1235E43678E8615549D5228A3734BFA83ABA2D529BA47B7B
                                                                                                                                                                      SHA-512:76680B64FF1CBDEE059BA55BAE4C5420A64C89EA23D27384BF78B37B013A0E84F9B2B5D63374B7E0C123DC8BCD9EC9F4B06D28DD6CE265D23419FF7CE7015F7C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..F(\9i..M..)H..].......i..A ;`.HF.l.t..7i+D.T.....6.yN...[.<3D.;K..g... ...>;......zH.&.D..ty......f...F..2..U.E.e.w.9.&...O.rU.v.. 6d)#N..D+q....k.t....\.XbG#.{%.....<.q.8b&....nzx.....g...u.E..f*.;O..x.R......h...|.Hx..J.\...?K.F1...!.d..MU..m.%.A......y..tf.t...........cA-.........Y...X.........g...`5;.%&..*;........5.......D..l.j.f.(...Jy[..w......t.7tmJ..k......&LS..t..o8.y...Cs...m0z.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1643
                                                                                                                                                                      Entropy (8bit):7.893876960026899
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:NpZnTSpxZnQWAU6mqGh42rTjTbasEiKn6sGjHcNDfsQdg3nY1jsbuXukloSttpVM:NLnTSXZQz5mlTXE0seH9QdEYlttre
                                                                                                                                                                      MD5:DEC692B1E9FCA46D5B9C473B24075819
                                                                                                                                                                      SHA1:D985C6061DA57DB05D456FB17E3906D734C4829E
                                                                                                                                                                      SHA-256:2CFA750CC47635E5C944E7EDBDB0E4A1B5C257CE8D0ED5AED0BC9BECD9C70ADD
                                                                                                                                                                      SHA-512:AABB5D38F14C6965BC97329EFA05EC524ADEF44F30BFF8DDCD128E2580779B5390CB47E9C33D86BDEB44248CDAA36AF15C4D723CFE2D237497A7B9B183984C21
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..z`.@b......+.`a..A..5..F...iT.].....1.?....p..Q#.R.@]..@G...m...^.v2...|r...B"F........y.#...t).Oj...c9...`j#..R".......m...{B.}.K/....p4F.Y..YXE......S.mV..pVJ..wL...Gm...^1.Fni.r...e.$e.Y.U...z+...`.u.[.^1U*.wP..`.\.....=u..~....E....=."......z&T0;,.a."r.3..{..).....e.Q.}2...?y...0...C.Ry';..J...J.0S.B..S..+......+.3.q.l..q....3..}~.f..{=1L...x.f...h./.zX...r.7..z....Al.XWkb..!..AL=N.W5IR<n..Z..n...m>.|.n.7.%......v......|C`R.....x.+.dbX...P(.....5.K.{!Rs.x.dq.C.U*g....8o.@....3.~P}.....lE.!...Sl..:.._.......6..%o.6l.....$e.=....4..^n..+...Z=......6.h..aC....#.C:.&......1\=.2.O.1....h.....<..F......-...3:q{.&....". ..F7~.I..9...kG..Q...56.....<#..S..\X...........6........j.Mk...|w~..9.q}....Vf?..#..~........<F....g .....u....wM@B.-'...!...p._...UP.'..........Z.J.....,c.....5.q5c..{...^..A.o;..+,....e.N..G..L...._Q.F..;L.2`e..{R..:.7.\..'.....nk.[.#.e....7....n.....=..K..X.;.dv..@..,........l..`@.....]~....=....U..#O.....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):548
                                                                                                                                                                      Entropy (8bit):7.619819146213753
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:q9Rs2i2hFiTV3qGPjp3g3FSD8YgIKVxSbi+Mg+FScganioTE5ActLlVM:q9WX2h8qOQ3QkZShn+8RloSttpVM
                                                                                                                                                                      MD5:D729B8AF5388CE081BBA1C33D31BFE0D
                                                                                                                                                                      SHA1:5FE55F557596ED1B0F335D3DA7589870C1E62EE3
                                                                                                                                                                      SHA-256:067CB193F0EF163AB18523CF6A0046A5BE35AB409ED7D523E33DF4754EA453BC
                                                                                                                                                                      SHA-512:6A678625DC3E929B737D32203234B357A1DD0BFB46AC3C27EDC1C967889D2A2C272DD6976C895C604B82A5B317C234BFFEDEE35FE5C391B3E04CF64676F89D09
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.G3..?. .q.r.n)....X2..|..#.t....~..,......s..]..V.k;..l3.s|. ..D...q... #../.{k....N.c;.a....K.ahM9PXq.<..&..h..I.9..#...Yy.k...........+q.W..o.....O.X..}T..+.S.....b......cncr....1`N......Z.3..o..7..&...........`S`...!.$..._...M..3.6{.e...v.......].{..h#.3...L.pB!.zv....zZ.-.........Y...X..y.`e.r[..[...kD1.6...98......5.......D$b-.=.....J.XFH.<.mV.-e.c....<.|..g{.. .d...Cb.b?........Vt.X{.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):538
                                                                                                                                                                      Entropy (8bit):7.5835272875511555
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:AJRHu8JUwSDdF0LjxX/zthYLaNM0HOpg+6gq554QRoganioTE5ActLlVM:gueMBFQ7nU4HOpgFHXloSttpVM
                                                                                                                                                                      MD5:DD4B107ED6C643F28878DBBDC9659AF8
                                                                                                                                                                      SHA1:2440BEEEE02E5209E8D4C178F2BE2755353C0CC1
                                                                                                                                                                      SHA-256:515E142A9D4B0A3AEAAD4B763F31CC8F119B1D00643D84B58E48BC92059CEE93
                                                                                                                                                                      SHA-512:839B2BD28B8BA5BD774A7DFB639E22B0BB5350BC54EF147FDB21F4A40DEC1B03FFE0DCC9259718A233078A6B11C85937F13577548DDD97DD22EB75147F4F024E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:>.. XP.....D....M...k.&c...>.g.g|MX.... 7&..|vaPz+?.T.g.w........[.-.;....yS.h<Lw...Q^x...e. .+./.b.N...".....<...S.C..B.AT...f...gTy...:...iW{@..5m..6v....@M......L...w...).."....0r..*..6...a_'...q.......e..M1k...mF.:.H.q.P.Q.3Hmu.@h?..9....|_L....m..j..3....G`.&.....+.y...D(-.........Y...X..y.me...x.s..f.v`..0(i8......6....ife.r...~.U......7..ZH....G....B...Pn.H.]u.<.K.Q_..A..H..u.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:amd 29k coff prebar executable
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1508
                                                                                                                                                                      Entropy (8bit):7.859923921704774
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:S5ivqb2yQARTZP6Z25rujZsi0wquqjzc7KaXONcFPa/bU3TKpMivuSNgloSttpVM:C0S/bRTd4252si9gjxnNua/bUjQMApNh
                                                                                                                                                                      MD5:BBFEDE963510E17482D03B419665E0CA
                                                                                                                                                                      SHA1:849CCA732E5DA85FE371F7F1171AE48B0DF6B35E
                                                                                                                                                                      SHA-256:1D88B8EFD5467EE0D215595C505F14BD301568DA347C7C4744A890998802A3C2
                                                                                                                                                                      SHA-512:BE47033FB5FE0D662AA7C358D1AD944938E2EEDB9E44E68466CE284389CAB94F9C42F0C6BF70D8244D551C3B51CAABF06917872AD090CA534A93D6AED57A7E41
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.zM...@..//.........Rl...Wn....|.s....jL!!wW6.hY.`*C9HF...{P......`.#6.aA...q.Y.A.....|......'V~..W9;Z......y..+....H..4...E.&koV....$v..).M&...[.xg....Sk..M.Ly..^..gB!/z..u...,..A.w...n...+....R68n`W.6.....C...,..N..>..hg.............e4P{=#.......x..z7.)...3E.AChp....X.1.^....G......../{q..U....m|.x....4..Dj...1..\.`}Rx..w...!..A>8.J#.'....(o......R.U.. .:*...........1rQ<Hd@}..s*.!fRF.#5}...3.5...D...e...?.."Q..A..7"..Na."..A....aa.e.#.i3............L.X.Cq..C...Q#...Q....1..;;.....:.p...e........%X...b^._.O....6.+........T.....#S|.O..l'..dy.r.te._.$...@1.:..I#.j.e*L......G,..1.[+/@..Y.zJ...VR.]o.!......c....%.70......A......8.....C.3.._....)&77R.a..S..eY\......g.,..7....J.Q.....C.}..t..Y.'...2eJQ;.M`}Y.P{=}.L.x..+:.|..8..D..cc.d9O...)._.B.r..~.......O.......J......m.7'..C?..4..$`i....&}\....../.uH.B..w4..+...-U..HRI..2."....b.~.gx2K.OQ.q-.r.0O.....g...|./.Z..i....z..t.....9.z.C<*.+.C.{'.m@e,.-...m.V1.4.....2.........9....._..v.....~.V.....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5472
                                                                                                                                                                      Entropy (8bit):7.966744069832165
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:Xs322oY/EP6LhxRHUSDwojqyWqznN9OZ0UobdmhBnHzpiVKkEjtre:832ycAZHXDVmyWqznaZbKkjHli4k
                                                                                                                                                                      MD5:7EEC03C0222D0FC9EEB50EABCD107076
                                                                                                                                                                      SHA1:E701D4F0CDE934BE9A2820117762041582FA4EAD
                                                                                                                                                                      SHA-256:221737E1DF7BB46A0A13FFC90905345ABF808E7A3B0FDA61B1824E67618A2EEB
                                                                                                                                                                      SHA-512:9B8E5B98F77FB319709C29F08B930ACA304BA81928C279E9DFA811ECE88ADF37D5523C11E65A0E84D99831254C02BEC682CB63B17EA89B9988532A6938F370C1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:@.....@]....w......Y.....$.y...Cs:D.<i....~.....d....X...:..Tr.1zH.I.Am...8e.#0.u....R.Q(...]!...<.Ey.....5.[..T..I../.$....U.....$......W.....1m.,9#.~.......K|......t.*....J...j.#.i..`....j&..1.W.[..2(i?).o..).r...[...O...Z..._..|.......f;..B..:..*V.I."La4.....B...{.rH.)....eC.F.#..A....16F@.:..F~.....m.. ./..}.s4.S..x..6....@..e..Z?.d.0u...**.i.[."....Wq...\[...9........e..ZbB-z..2....V.Y-bh.^.+.[6...A*....+.\...zA.Y\L..!3?#....w....].....6.<......@......m&.H1/.......kS...MaPi.lkB5I.x..c.1.m{..|.Z-.A....s....<..Ze...:..I....{x.2..K..b..HN...p.%....KD..(.d.Gx....s.S.l...NS.].Q...f.O.e.P...|.C....&.K....x.`........K.N..|.......&...c....aB.y......((dk..........fZ.....Cl.._.{V.........<-K;.r.X....g.4.....N...+.H..a..H".P..d.h....2^Q....W-,.5gw.Y..'T.&...T...e..mA..7.y..*t.<x@4.6\ ..xA...S*!.W.`.[..V:].wF..)...N.....b...y....O..e...+..vm...8...?.d..5.7.~3..kM..W........(Q..7S..X-.B.Fp.$.W\?T..`i..k>...i..;.rP..DT%...O._..].]QIC.].u1,.i.~.D.._.F.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1031
                                                                                                                                                                      Entropy (8bit):7.820255888196572
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1P4CCfEJSUR1aTvPp3T8yP8trtPSf05Kz6loSttpVM:p4CCcJSUuJ7P8tJPS86Ctre
                                                                                                                                                                      MD5:80103DD572A3FB7E915B4C3CDA76FF47
                                                                                                                                                                      SHA1:D24955D789CDB4669D4ADF79F07748E1D6CA41EB
                                                                                                                                                                      SHA-256:B883EF97A2D2ABF77E9E664B60C70DB9ECD60EE86E92537B263CBB5A156B8117
                                                                                                                                                                      SHA-512:566A094BEE9CBE8A5BA1D5F4FC39C2DF707EFDC7825FD02EAD0DC851CCCC665BE9A77E4ED97C41206D5A729BA25978EC5C68F44F5044BCD54248DA5753DAC148
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...BJC.[-.X~a....PAfrSP[#........B.iR...X+o....Gn.....(r.... ......5?.}Q.@..Z.c..)...A...*U.bOb.(....6...a..PeH!AH..i.8.W.cY.V.o5.,k........Z.M...A..........t..M.;...8..vc.E...G...i.S0@..k..4..u.*.\..8...[....h...CO..~Li."s.p.....C..pw.......0).1K.:..R.."..,...[...]..7bj.Nd...'.:.gnX:...!..^..qp<f.~2..)..]gx....oH.b......'...<.e..(......l.5.P...w)v...+W..&.......a.S....s%w./V.#...V..W.U.c._..{..~...)...5....\.O.b....A.(-v.....]9i.m3".........e.3-..>...G....-.lP........e.hpA....mW...K.Dv.o.,....N ...-.]j9..*...C..K...gk...mQ+.....Y..5.u5.,..W.?.I.....o...r...c....9.4...pi_.4.W.V..ey|.D;..L.)."LB....0.`.Q!$4.Q'...H.$._.Eas ..W5..R.K..5...ga..m'..)(.m.H..V&S..(....%... Kb.*7...d?l..z..U.>. .[E..*~.....NO.7.$....N.j.....@V...N%.....Z..!.,.+.6.....q....$.:.J$....$.N..s..U`".b(;8......5...{F........R.x8.b.B"...=....:..:p{`.....-*P..7fa..4.|>....>.o..s.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):236
                                                                                                                                                                      Entropy (8bit):7.081381396636109
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:s+kmlAdImJTAl4NpltzvrgoXnLYgko2WEKqFCKZRQeEClVMn:s+km+dImu4/ltzvrganioTE5ActLlVM
                                                                                                                                                                      MD5:3655581A37470773290FEC3977D399B5
                                                                                                                                                                      SHA1:05A728E3628C43EB28E2A4C9B0A350C29F7E7AA4
                                                                                                                                                                      SHA-256:EC3F1848EDBB0729D229494310A68DF2C89567CD70C235ED8A21CDD59177C611
                                                                                                                                                                      SHA-512:25B8303747C09AAB095CF120F058EA82D2016D0229A7F401EE36E4B65AE6CE56B77F99735E894991A58254E133AA4C6808546696806146EA2472893466F54AEA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:8.@=.....X...v.4jW....yg.;...,~..rw.t%z+...!S...q...5.x%....i..M..8..Y..?+..2.........?.....^W.4*4(.b.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3059
                                                                                                                                                                      Entropy (8bit):7.936927251560998
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:N1UFTgxBXFUgvHBW/WU/63dpJaqASlRoh9WeNTPoR0dFLbGbKN/Bk64jRE1jeKXo:N1ETgxdFHvHBKWUWp08AtNTA+q+NNIEk
                                                                                                                                                                      MD5:DD3546F0B595BCB3CC25885C92F85AB9
                                                                                                                                                                      SHA1:97E649956AD5A232F5CAAC5DF4CBF9F85F263136
                                                                                                                                                                      SHA-256:B4B19B0FAB9C4FB9504833B27A774305FE7BBC5099A921612AD0308BCA642B8C
                                                                                                                                                                      SHA-512:6DC8C14C6A00DD5A4A62F1D70D9C97613CC36C2AC15286F7EF19095BCB3FB10E084B6DA71DAE611388D3186A2EED602D85FD5486E4FD0C54DD0D5447F3CCD1B3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...".}.C<3.,......&T..........V.....&#.....v..f}.....1r..@...nM.E......:d.R.l.q..x........g.....K..!...Mj.g.3.r.8..........^...Y....(../....QW....:s.`.......i9.$-....0.T* .\....</[..i.~:....|B.3..$dB[.r~..<'I........~..?W....x.<...Te..^.R..-.~...o'..<+..}.^.w..4..Y.3.s.`.\<w.a,o...M.A.F...8....n_j..U..Sk!.O....I[.g.n.}.7yr.2ga...s!y.w.".=M...r^..K..l.....K......['..m\'.8.K..xt..s.|..;.z..O..y'&.FX%......9=..z..".].._E5....>}..P...i.h....>.T.w.(;P_~b....)C..=.Z.........4..U..%J.J...8.r....J[...Z.Q;.....H...H.e.)Y...\v....Oy.5..V\\...E.....^u..}.. ...|.;.s..k4.*L.Z....Wfpn.].../.b.|.j;9....E.w.Q:....8.U:..H.8."...R..w6.vW.F.Y....."3.h...........Xt..{).e.._...4X..:...v>(4R.\.5_._.....ES..I...Z|*.%.q..Rn...w..Q0`.U.%Q...O....B..N.DK.ES..m8.s}ZM.5....{go6. /......V....C,.y..f...6....p.e..../....;...P...70..Jm........S o.c&'M.zU"....%.H..V....R.|.|C.p...Fk......<. ...@....E...W....I.,.4.@.Q.......q6......NH...]R.?.....Sq...hT .Vf..r2fh
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12533
                                                                                                                                                                      Entropy (8bit):7.985600493177223
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:AJ7B6WXDveT4BxVpKkv+aeHsM3r1tPrDJS:SBLe43v14j3rrs
                                                                                                                                                                      MD5:B990EFB038EB6465F346CBACE80D6A74
                                                                                                                                                                      SHA1:9D1F31E3919B0739CC8E4056234BCC0146A1284F
                                                                                                                                                                      SHA-256:8BD43BF60726846E9AE8E5938CEBFEE1BCF831E9E2456930F0B14B24FC34E469
                                                                                                                                                                      SHA-512:D661DEFEB85B0B7F7B65F53395875648E477935DDCE13579EBD5070748E9E3814C82C8752D3055D709F11303CCC1055BDDB7B86EB1B8AB499FD66569D1EC302D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...L.6'...uX>>vj5..3..Pw...Ns3.Md......E.9.}.....+.k..rR./....c._.I.5X.....k..6.r&G#Q.O$g.p..>B.....Le..<.\..^..b..UZ..........2t+.....m$..hi[b...Ar.(..H.......h.n.........3y......ZCN<6P9...O...<S?...0Y..T....w...l'.......6........C.E.#......s...$4.'+............Q. ..;...\..F.H.@.F5...y............sWZ.X{......H.h.S..t.....QJ.@(...-)`...v./Km`p^S..<.G.U...tD<.'@..r6.!.Q...r.'}..]..L3G...Z.t..?.hex.Q.e...J..g..I.a..&.c.d/..J.Q....k..].V..|.p.>..:.1...|.r.ip..H=.......lS.....~."..c.0.E....5D;.=.p.6.........T....'..N0.:p[..\..b.<....v.J.O|..0.......!+.7.E.A?........D'..8o.....}.u^._.V..^.m5..J.q....Q....e.9<gVG..&.{*...R.....#}-..L.......K@.6.i.J......!..n.,.b...W-S..._V.0.:.{.J..'B..[......x.j./.c......G..?e..b..CS...,'..TeH..g...`U.=..>.I.d.....).@.......f.?po.:....x.X0.o.1..U..q.B.....Y.nO...p...WZ.R..i..?.H.!../{-...9.(.=.........y.E.%..[s..I+-..2.tZ.G.......L.6.....1Oi......9e.m.*.s...."......aE.:.ra{......?!..."."aY.-@....1=.....E..4..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:SVr2 curses screen image, big-endian
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):842
                                                                                                                                                                      Entropy (8bit):7.838306636039563
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:nWKRQRUh5KfOQcLIH6XObbguIDfi0ewta9a9DcibRVWamgC7bgAYjezlganioTE+:QRPfOFzOviO0ewta9a9tW9kloSttpVM
                                                                                                                                                                      MD5:078D6CF93304497CF72C3689846A4FD3
                                                                                                                                                                      SHA1:3951A173E94CBF9695C1216CCF6FF81AD1045BA6
                                                                                                                                                                      SHA-256:AE45355F4B9F1CF9CAA6E954DEDFD50066CBFF6DBEEC15506C5466DB6767F7D2
                                                                                                                                                                      SHA-512:B8DE25D750758806615871E0E4F231BAAF6462F245C1823C57212A6991E1374FB1F7DFEA380C4072378CA273E95951B497CD1A77C91D8D00BB41B801B696150C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.._..l..v(<.#....g{A.X.N...|...1;..>.,.&.h.......z..T.C'..Z..b*....f...+..O.....E.d.<.........r'...7w..L.&.f<..C....>.M..4..t6._.-..`..+!...f.D.h8J-.:9ZM..l....r)..}vx^k....(........w....2..VR..w....m.B.=v...[d..;W.5......k...V..5.E..a.1...%.w..fY....K...........Dk-.e..X..Q.b..&...J.._q..!.G.l.Fo1A.)..1.....K...iP..|i..d...h.............J..KW'I.B:9.......>tC..7.p....8....=....h.o.f......t|...<.7'z......%O..J.F...Q.....i....zP.XO..V..t!q.o.5.OH. @....W%..r .e.._..E..*.7ttn.+o..f.T..~o.pDz4..s\...p. .....f}..E}L./....m..-.Ses....$....o..:....)u;..M^..FR"...3.(......c.i6g}9Y........x.-~..qwTt`".0+;8......\....!...`O..P.>..L..5/m^j+.*la.s.....^T.Y...?.p.SJ..P..n.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8424
                                                                                                                                                                      Entropy (8bit):7.974930795958448
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:EaK27FbGWBzBJ+af2BANDI15ifaRjS5yaj3sa5+Tt34P+7Esc:EaKDktQ42BCs14wA3sa8Tt34P+7Esc
                                                                                                                                                                      MD5:D5AA206CAC4BC8F049CAE5F35B29A341
                                                                                                                                                                      SHA1:4920B3D502440466F2C1A6E68A0450407DB20B44
                                                                                                                                                                      SHA-256:951E115C4A3677BA261F487C4881FE5C798D0DAC32CAA5E95384EF046AC21935
                                                                                                                                                                      SHA-512:4AD980AA3C821F4ABFE176C6D686B441ADFC729276D95F37A146D6E2382D04683FF5E3E4B98EA71D473D16C2E6BF77466C3123CFBD5F840A27B29470475BB719
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.r<Z....E.,...{npi)W..r.O].....I...M..mn.K...F 7 /8<...%. .l.|..G...C..........X..>#u.Q.g.]..y.%{=OG.!.CDo..G....._....*.8.<...'bx?......1.WO..$...4...*.6~ged[..6d'..^..._....F..5.........>....6l,%5..j.1...0...\..2.y......Px.Cy[..............Sol........|o..U.rN......=.@2'..sHg....P.4.;"F..M.@....".&`.B..I.e.-a[.V...w.........n...z........H....r....'.#o..".1G.{ ..V..W2.e4.G.X..1.#.P..P.8.h(zz.}......{....i.Z.C..?1k...E.<...'..R......r.)m.....r..1:]".V...S+...ZO.#.t+].<.....X.G?....6.....v...V*].2K..P.BP........M....H@Fc!GG..<.G..\...<f-./.cV3F2-)..h..=.x..[..... Ce*k...KI..o_.[b".....?S/. .@3...r.\.,.!.)...Ii.c.c......N.i.x.u0.r.......#9.s.O..]PEM...7.F..r%........X:..I(......YM...%...U....'0..[...>Z..3../Hk..Z<'.\..F.M~8?.-..R....U....t...9.1.I.Z..n.I...D.h.......y[...R)..H.Kf....v:q.d].k.OM.T\L.......Gs......!7..N.FB.... d........I..!.l..K6._.[.e~E..U]wA..........=....}.*.wk.NV<....|~....d.....Q.l....k....].GP..}.$K..Qb.Vi.S....Q....p\d.`....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3145960
                                                                                                                                                                      Entropy (8bit):2.4498327403375564
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:w2kc/vYXPyFoI4tXfwHGNaEVyjU4ggaJKGGBwq7RLoaWhSe:wWHetX2saEsUvKGG/REaWhSe
                                                                                                                                                                      MD5:2006B35698794DE3A55D5B8F64C4C8A1
                                                                                                                                                                      SHA1:5F41679C06F918F4B8A18A22B572405934807D2D
                                                                                                                                                                      SHA-256:5147D0E473B57ED685B7B3433C1751B5B568793059DFBC8804AD7931F707901B
                                                                                                                                                                      SHA-512:C830F41982C496C6A5F5B05B31DA42FF90B958295842FA1FAD894A36F73941DC88092E5605592701BC25E0AE2988506FEBD82C6F7E711781DA7189DC8589EBFD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.f.&N...-.........--...=.....#2.w._.....1&u.....3M.%pL...<K..J... ...`.....;.#aFE.:......\....D..9.....i.w@.y!m=.r...WY....h.3.B..c..dL.y....#.S&JK..A.^...j*`..t.f.n......}......?I...k.\.I..M......;.>..K;.V....!).q.|.K.. ...d..S......z..6...Beej.M%,..=..W.k...?.M/(....s.!..#.dd.:mW......m(\.Y.v.rZ..t..A...cS.....].\.*$r..T....U/..y....7...vg..Y...wlwp.x.=..R-..Y....4;.k..<..B..+..D.....r....A...6:.Y0...F.uN.;|q.].$f.T-<.c..E.j.HJN..1.+....$n.-...n..W#I.....cW3. .D..9...-..!.I.>4[.<.cC.<.8.....S`B...".)?.........X.4...W ..Z8.v...xdZ.&.>..;e....z..oH.......).W.uA;U..~.Pl.#..v."zM3...e>hp..t.M.....Z.r..j^.P....X1.".........%..h..X.......Z...^.ACa..Z].E...F.....)...~r.W\7.&.....(..V.._W....S.........rw..U.!..=V...`..C..4n...m.B..=...-.=....@K.....=:.u.|..}s..6a..^......].u.J..'..G.i. .....=:...R.-nA6y?..j.4d..KG.&~.kMF........](.........=.R....K".?...I..(.J.A.6........S.SA..:.yg/....k...*..0.tB~.]..>.-....-.umc..t\.U.%\3Z..=.L....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3145968
                                                                                                                                                                      Entropy (8bit):1.9762601314553077
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:bCPrt69y/Q8WUPDQodVPsRpJynVFoFrMS0LRhH1zzPbn6FYYa2:mPBW8dDbTPsR0agS0VLbn6FYH2
                                                                                                                                                                      MD5:F76949BD2885A79262F74355650957F9
                                                                                                                                                                      SHA1:E2AF33DF0012AA633C003CC6E957227DCE6EB24B
                                                                                                                                                                      SHA-256:B8B139A503CA3262177114D76FBE52611C1BD1302E66E66882EF620E4DD4A65C
                                                                                                                                                                      SHA-512:7FF6AFB0C02F721E3ED838EE11174E65CEA77D9BBF6DE1E5C454C8BB0CB52C1004328441ACBCACFB163B5AC255A50842ABA207A82AAA6DE9693EC16A4018BA4D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.!Z.w..nQ....D.j....>.`.:.>OhI/...../....f..5..G4Sr#..X.%{...._7FJNp.....5......l...'0"..b.)"..F...P.d.C..\....Y..W8c.RZPM....i....#...f...42.@..Cz.]SF..j(.b..b..U.<^..V.K.4,*.E..q..rTZ..o.7H.....xZ........$..D!&n..Z.t....fg|.~..w7i...;.....1.%.C.iv.!.$...,.c...!.{Q=X.EZ.....v.=....d.Y%o.bj......e.....K.#..$.o..[@/JCN.o6.......o.Y....x?.g,V.V.pN/.(.g../..;.Y.h........[.q.j}..S@.P.x....%V..J.....q..*u.VY..9)..M..8..1f......F...&58. ..]."*Z....-h..X.....<N.w..[ri..D.+......>..)f..+@.+j.....&-T3...?.y#H.........8.^>...g.eC._}...'.Q/{..wT..GU_..G...!4.s7.6.....=...\>d...L~..3:C.............E\)1 ...g.W..........&.V]Y...]|.....;.$S.B..<.YmH..C..@...f.@..U.e..Y...f.?_;..[.r)W<.p..t.#.+.....@.!....J...(.;....,5.B....o\C..o.....v..g.?...x....{.r.r...k..B$.MB$..h.3...h..V*c..TFn.o..D...o~.0}{.{.y...c^.p|.%n6b..<...>.h....|ov..T.%=.....k.........Z.J....I......)....A..>..._..1...]a..:..E.]........D.!S.".Q<.V......B[.....cG.F....u._...{..N..m...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3145968
                                                                                                                                                                      Entropy (8bit):1.9762758514753296
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:WVDTFo5HQmrnbMzYuRqIvhjbPx6YpQ8JgCz8eIPXoboFDTAMCO4+2:WVVo5wmpufjEwe1PYEpAri2
                                                                                                                                                                      MD5:E37DE866664BA97E8042659BB9FA91EE
                                                                                                                                                                      SHA1:678CAEDB088F79F85F99A3FA1B00849929C4A96D
                                                                                                                                                                      SHA-256:8A3602E9A5793AB9F8906C3B3E588D2311CBCC57EA2D9C0A12B03EB8EA404379
                                                                                                                                                                      SHA-512:07120084E75C83DEAED7CF985DB3DDF6C564829AA08E806066C119146A7A7BFA9AE066F405B55DEE1CA2278D0BF728C92478D32C5857BF46F3EC66E861FEC6D2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......^...Hv.......O.d.K.7v.5.....a..........C.....7.j.3.F.J..m"....(....3.~Y....;....l6eB.|..l}4m......H9I.d*.....Y......R..O.c.m:..]....8c.. .....!.E.M&......m.@\m'.|....,n...YR..O.<Z...3-g.IK.8.A{7g.2"m.f..CC...'.....kQg.#........D...X%...y.`f..L".l5..D..8zI?d......m..P...>..u..`<DNkA.K@mX8 .`...lq.k....#..D.}V3...W.H...'..g.V.....Bof.....'....}..s|.4Sm=.y....W..Q..0n.......Nkn...K.et..y..]....LmQ..J|l.!.a..u-...o..r.....f3Ir...X4..+?j...*....>kH........2i44urP..#.(.v.1...."G8...*.j..r..+..?...;...{\....`_y......C......f]...ZWFEkI%g....#WA..F.5JH%..!E.*n:.Z...H+...rBh.%.7.....3 .Z.>...L....+.U.Uh...r...\."5.A....5y..'.|^..J.e.....#.B%..JV..k^.j.!a.w..........24^..*...q(lg.fk.......t=n..~.'.l..Z-.R.._.._?.)..<....5\iD.._.....}&....W.\.K.$.C."...+.....Q...................*.$oa.).Ia.#.=Lb[...=Ep.E.........g*!.....3i...!..0.2M8l..:.olS.l.U.:h...o..)a.V.x...].o.|u9...3e.AC5.....O......&.:z.R...C0\...k........_.:..d...+.M....vm.c.....a.....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3145964
                                                                                                                                                                      Entropy (8bit):1.976263986894703
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:A76v1OQMGOhp7DcBd3wGe2yN2rJAatZWo:Am9qGOhBDmxwp2Y2rFDj
                                                                                                                                                                      MD5:E3EADD7A4D39C2309964E1EBAFC27623
                                                                                                                                                                      SHA1:65D753E0AB53A9F3D6E81AE84AA062810B474F88
                                                                                                                                                                      SHA-256:B7BDBE420F6AF26613D801C348F5E2BC07715131AE7D83001D0139F4A62D4064
                                                                                                                                                                      SHA-512:B6EF0A0EC1B8B29F350B4BE574BA76AB70093C2C2CD173FB90ED78C475373513DEF4C6FEF65DD95FF5215FD86922774E44CFA092013637F345E94E29E6BEFC5E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....+1.4........6...>..i\E+.7..l....(._.3.d.r{........z|s........}..s.mM..<....XC......(.....@...B.s...7y..-..2^.b.Hk.*!.t...........>...4HR...vb.t_..#.%..x.?..i.d.?.}..}.N/h0.......QK......|2.m.f......j....Q.k3..z..<|....|.....CT...-..2...C.......{.4...j.E......P.-.i..C.>}..............G....mm.J.........s....:....{[.4l.I..!a.......r.jp....#....e?.2S.F...Q....zn.0.j.......e..c..;.h.'..7....C..F.xJ....&. ...8..b....#s..k....z..}....q.FF..tBrm...~...L.v.....]R.....u.D.7G........0a..`..M.x.."4..w=D.q.'R..U4.Q%..T%.k9....I.*.s...E.g.1......@.".:.v..f..*'...K$*...C...-[.cz9].sb.u..G*..L...HT.H._G.H...n.Ty....#........j:.......g..d.Y./y.... ..O,.!...}%..l........R.*.z.....'O..j.Iz...[9 .U+b..m..i.'..p..a..WS.9..i..3.$...+.q.6.`...c..mNp..){&....$......V.g...M".'a...B....)...n.iU.O..7.'..J.07.J.E.s...1.V.........Q..zp.............;.R.......l].j..~...f..u..a.`.LC.M.A.....q..vnq!.....6.,?.~..J.&$..(8.....Z...?..G.6.6.8S.....'.!..~..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16621
                                                                                                                                                                      Entropy (8bit):7.988273977472981
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:S5MxoXV1AVK77FxobxUykIji3gVIN3S0ZfqnHRH4dd4:CF1Aw77FxobxUL5lx9q14Y
                                                                                                                                                                      MD5:5A81BB54C4DB080087E433AD4CC09442
                                                                                                                                                                      SHA1:09CBB867D3D706365C1F44A587D29D0DF7557684
                                                                                                                                                                      SHA-256:3E5207266E151709906EFFDAD09A77CBA4EA0D40CCCCFB01712F2E3891277587
                                                                                                                                                                      SHA-512:F2565C5645728F631E80CF747CF869E352CA52449DB9AB5EE5429F5B559D1A56E8B2D99C463EF581905F7901FC5857656763E1AAE2795BF2FF0A940B97BA5544
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......t.O3.. .Rmep....$_...s...L1..s..*...N...<.8.%..I......rrW.?.R..s7...9.@t.`...w....0.-;._.p{..Gc^....... .K...%...s.:.S...b.xQ..............O^..HQ.......g.5........vWD2.W....@\..v.......z....Qn......$.}.B.$y8xP...50..........N.......E.:..@....q.9...X5...|.'...n.......iD...=.bE.!.._.....b..+NR..z.&.%^J..4.&a:tF.....D........K,8..P...~.......O.>....ru.... .7..1p.......p.RjO.v....~K... ..@..7. -..B.?...[...O....x..9...L#bt.k.;C:0E.....b`n0..... 6.f W.7..(nn/.n.:.fJ...e....Jx..D.wm47....h.e.}.p.).tx......>.q..J.u._h..aW.O.8k.wk.L.0..U....Q.......b.i.q...F*8.........~.9E.......E.?..d..3...... ...K...R..X...E.,V.z!......=.V.P...2...8....r.D.|..D.. S....V..b..We.4.v.A0./.0....v...%r......?..l..."..9,.'.....5.HA.'..I.jW.R*QO.......A.hz.6.XWM.....Y#......=..U#.......Rr.7........>#\)B.R.k..z..\..G@.S.e.pj.N.,z+v6..2.....r...b..?......2/.M..z...V.$.,.`.l.E.R.FUQ..y1.cb.X;....Yc...~....A.|.2^7]u..'..>...z..]...C.U%Uu.oh....sT...{K..KC...M:.R@.yF.+2
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5767404
                                                                                                                                                                      Entropy (8bit):1.3963812801135538
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:uZkxWsaZ3DtDvjZadiHCxIo5HojgcFq/nDnr5xR3b0X:pFkDtRadRIokgn/nrr5xRY
                                                                                                                                                                      MD5:9E7B94C9C7858C15B6F2BAF47A735C13
                                                                                                                                                                      SHA1:343FFB3EECCBE2023FD914856AF6A4B01C0B0607
                                                                                                                                                                      SHA-256:92AE10B037986088369BEBB32F0A4A40442454CAD857521B434504D15D9CF8DE
                                                                                                                                                                      SHA-512:094676947F17F238C084102C486F42EA28BB5DA9E6E613471EAE130772266B85F49CAD98860D4AAF5A492A1B749C699329D1D10821CEC309E604D1E2729E14B1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..r@....CG...><{.0>.#....{.....L.,nS..4g......S#y.GY..1T.(.\.@.j5.lZ.....%I.S,.........a...*..r]v....../g.9..\.uW[..(^.5.-vC..p...a>.G..0.. V-.....GAy+1g..V...l.B.....#<,H....w....Gq..C#q ..(.....JC.=Gp..vl.j.eT4.`b:.-._...J.m\.k..#+.)....E..J..H...a,</.........QN.\)._.E..n...^%6.]^..|...>M....m..x..*...X#"......z~.vs...w..i.c.\...[m.T.M.GAh...;A...]i1..~...:.e...a..Qc.1@.......Y.Q.Pi#^.../?.Ze..i.^."1....Y..'...,...P..^T....~....;E.B .4.?B$..#...S..=.....<4..E.....>......M..P......H.9.Q;4.M....8&.....o.v...{B...l..K.4r.1.gC0g...U..7Mc......o..Q{^.r....n....ux@.Wr....+.....e.W._s.'3%.B..;+.....'0s.'7...B.>D. ..4o. ....7.Y-IM..u..........#W.y/+...W.]8.Y$...6.........#.... .>.....6I..6......O.L...6..p.&.l..N.....{...:..f.E....Mq....Y....d..C..k.."H..f.h....kC.....q.'....X../....q....A6..-.mUC..c...jAk./.f......M......c..7..>Y.6^K...L..4Uv.b{..{.U.....D..(..R6Y.v..../...ud.C(.D.l.{.C..k.i}2~.."..t.....!...|...d.9....7|e.CT....]..~
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):248
                                                                                                                                                                      Entropy (8bit):7.1474293747634245
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:O9pp9ehYDJYL0cQeCbKXgjDcXV+mgoXnLYgko2WEKqFCKZRQeEClVMn:4/FncPC6gUV+mganioTE5ActLlVM
                                                                                                                                                                      MD5:DB4C1CDA3309AD6728EFD33FE4F51EDC
                                                                                                                                                                      SHA1:485D6E9DEF88578519B68A27EF2470E44CA29EDF
                                                                                                                                                                      SHA-256:58D6EBCFDFE508DCFB388CBE4581CCA9262A4B2E42D8F79166FC116363E7D1C7
                                                                                                                                                                      SHA-512:FAA23CC47BCFDB6E75D50265E9C4D7E5ABCF9F8D3296A5102E4974E22C1CF9557716815052EC373AFDFDBD41864C9221702F25D7C9D098992EBDA9FABFC89DB4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:6..(.(.Z7.g.k.{.M.X...l.(N...-~..qwTt`".0+;8...n.{..{....l.9'.z..9'..N%3+.N...h........HE.+%.2...}.L.(.S.n.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5120
                                                                                                                                                                      Entropy (8bit):7.96034630087557
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:Q2EYzsBiR+1bZKWrZAxyO73lMCu/QtbjPJlvM7sUjtre:QrYzsAR+NZKWuR73lt0QPJl/
                                                                                                                                                                      MD5:2F8A17C27F0743C54E2E0EAA52FAB2E2
                                                                                                                                                                      SHA1:10353D5CB46EF19B40DEA90487E0DA228C0F2AE8
                                                                                                                                                                      SHA-256:B84ECC85056354C5591BB0A802790BD9BD06E369A1CC4C78E0929535AF31ED98
                                                                                                                                                                      SHA-512:47FD621D102EF1DEB401F48A13FB2F1BA121592ABD8AADF04F8B429BC8C29B366458B0BE909AADDAA98C7BAA2718F14949B2751303E5E0B10EBF6BB02F09CB16
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.`....G....:Dmk..i.]....xxB.....O.5.R.=...1...z$<xA.f.}T./.d.}..1e\.6.m)6 ....n.C+.=wH..F....\..DRp......IM<...y.c<<.5.{.... :.E0.....y...e.2.e.%..z...${.??Q..e.B.o...O-k...#@>.h.........B....l......aT..2........}...j..#..~.H){E.........w.....f...L.?H..Z...qo_^..q..R.\.c..4Q.7(.3......M..J?..O.9..v.....q.r...p.h.5.....u>..%....@.Xbc..K.$..x NA....p.E......Z.5B..H.9...q-.}...F....n.....vKPM.!.?h....;8$..w....C.B.G..HS.9.9..vz=.t..;....:....y..M'+\..K...O.iQ.....R../..cf..%.....J>-..@USKS......D?V-....e.....4u..{........v....$><6|..LYc..A.{.ar..C..2c_.....H.n(...^.iI7B....)f..{.E..._ )...*..5.....Nu......._.............(...?....3........RUG.i^}.k....o...w.D.....Qdjox;...z..cI.....|g<be}|1._..}..4`........!..0..m.i..:.e!.YM....#yWS...e:.!.)CV..kS..Sl..........$/G...e.1..W..B(B.4........9.+..W..N.3...{ ....u.....b.C...z......\1"....L.6....M....m|^x...=.vZ..-....H.h.-...... Q\env.P.i..dr*.W..c..LRM3......W...e......5Tq...eS..MH....O!..-.........t.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):932
                                                                                                                                                                      Entropy (8bit):7.7881793848460195
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:GojidoKmW5A+uSVUfFZdJlfsfLoLddVvz24AYyQeeloSttpVM:Goj9Jf+uCs/7fsfLsn7L+mtre
                                                                                                                                                                      MD5:1E69C524E77FF3A7C8CEE85A439FB4F6
                                                                                                                                                                      SHA1:62CB9A860F7F78D8751979F7B0329E7DED7F2A07
                                                                                                                                                                      SHA-256:FAF20BC40CCF22AE187E841994C03DD957CC477F215BEA1F5499289B7CD3F5E8
                                                                                                                                                                      SHA-512:C9F9C62E02557535CBFFF5A37D1C855434D17E3878DD40CE2A3E7CF736C0513B6014AA8881CECCE8C4141D9E3E54746DA8D8C86BAD1D6C263CD6BDFCE9B80B43
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.a.AZy...#...x.....J..(.....6.}.".fQ.\..R.&o.-F.......|.x0....-'f..+:....[.#b......N.....mq.......$..^D.X.\%!b.......<.z.Cm3(M..W.L....w.+J....I."X.2.N...-.3..{.a9.....K...!..3..Zu}.r...D.....J....<.{....:k.=+F....A....Q...<QY..co{/=..`......%7{W.n.....;f..Y...j.)..0..Q.Co...l...zb..es.Nl...7......SD..........?sF.....oA............X......"..K..(=`R.6H..]...f..P"!Cs......{.H......$..r..g.m........{.GM.'P....L.Y...@.$3..)H4.......y.4.+..i.1.^l.[.....)K.!>k...bL..+..a$-...IJ.....[w8.94.\.'.Vfq...%..<....R..AHa...[......<7u.*..^=xB..2....=7..~.m.$...,6.v :.Ak....w......l..R.. ...@/..6..TCt~.-.>?d(...I%Z.L*.DU*. .1..g.i4{~8....=hC.R...\_.b..g.]D.B.V...T .Xl6.....-..)=u...#...T..../.x..$.......sF?M......j....@.+r.....E.FF..![T0..aD.D.......?.....d....h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1208
                                                                                                                                                                      Entropy (8bit):7.826775414799616
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:dgohjgpljFeu4izRmp41wvwPV+0mqz3ZvBtTesGMXrUpZbdYloSttpVM:ioRgPjFeLjQPVvHtTesZXrAZbetre
                                                                                                                                                                      MD5:CCB865032D7D6FA36D8D9486E6E9248A
                                                                                                                                                                      SHA1:3FE14A530DF8D35512CF12FD1CCD967A0E44C84F
                                                                                                                                                                      SHA-256:0EA11C0160F5789E093CD42602503C1E67E99D2E78013800BC91C45FB48B8E12
                                                                                                                                                                      SHA-512:1BA589D089CBC757AB50B18E5426A67A221C3A4AB3FE6D1A565E04155F2D29AAC89E886EFDCF3FBEDB0E3E8837B57DDDEF5848B64E0572C233253B568C0CD8C8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:?4..d.._.DildZr`....K...o.B..Hj......Wj..2]...p..9...[Q.M.48.0..b.F?,.W.h..'9...'...]c...C......AiR.'.n.v.{.e..a......%.x.CD...O,....z2.D.eX..1.v...]..2.`=G.{.....e.P..@......o..&........O.g..pO....Tg....6X.......h.....D.rkf...%.8.#.....l.J...}7.KTn..D.....hY.P.n.z..4~..fL..Mu.%...Vg.Z..#q.X.;B.P8e.....7.Z.%ALv.n..o/ .X.W..q......w.y..6@..y..V.i#.*&@!xhO7'l....<.....9.]...[..q.wf.@P.;K.....5..c..6......I..zW^d...U.....q.._..qM_N,.. ].e.T.3..D..@.&S.(.\....YR...$m....w.......G+\.W2D\.y2.G?T../...e...............I....#E$.[..(n.R.C;..&......&.$....".T....[.|."cZ..8*6"q......G...u;.e....+;...BQr{.W.....r.m.....f...j...qIEJ{...".T..e.&.&.p \.tL.....{y.\............0.o....yx.!...[..&y%......jz./.. $...2...m.M.G..?...$...2Y..4\...8.Y....b.jo'.........J.}....L......;.".c.s.s.-#RB.2...U[b'.....Z..".........:..9.{(<..7....".....%.ww..%... ./#.y3......A..................F...6/..316-...`..H.@...,.....s..`x..hE.s....Do.7e..;..%.a.5.....]...L.......;.../~..qw
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):303
                                                                                                                                                                      Entropy (8bit):7.312967258900553
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:wyA4b9BdZLFZo6tK5JQEj4mrkI2fTXgoXnLYgko2WEKqFCKZRQeEClVMn:wjOdZQF5JtCganioTE5ActLlVM
                                                                                                                                                                      MD5:A6EB29967EF3F631AC2C0EB3E2359FFD
                                                                                                                                                                      SHA1:413346EBBEF8910A9854FE39465F4CC5F09904E7
                                                                                                                                                                      SHA-256:18004741C268584CCFAE7F45A7192166391FBDA489E68E133F9B8B128853BE42
                                                                                                                                                                      SHA-512:F3C969EFB7117E402288CD702F9134A4E608DA9BC3E839B88FCC0AAA90F14BEF082E5E2209C3C9E42A3B402465DA312970493D8FD04889752CA509948E613F0C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..x...z.|.V...Q4.T9....W..V<W.~TE.2.$Me..yJ......A%.a.5.....]...L.....?.5).c.k.s..U`".b(;8......5.$.0RZ.....Gt]..B.....;\IN.. @..........!..m.gA..i....6S.)x...s.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):33022
                                                                                                                                                                      Entropy (8bit):7.994370680391903
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:jA+DZNyq/P5KnuBzrRRtMbp9E8mmxyKHWAnxZXkhwWLrkK:jpDLyq/P5+weZ9HiwWX/
                                                                                                                                                                      MD5:54862506FB210DA9C6CF8096B661A40C
                                                                                                                                                                      SHA1:12067CDAC81E831887A53D226C5330F55043AA51
                                                                                                                                                                      SHA-256:58CB00D3E46008268DBE90B113CBB437B25B86ABB3304A24798E4B7FF801527D
                                                                                                                                                                      SHA-512:5B8315FD4EA5FD635394B2A421AC23FF85A5095152936D04B80C87F2F20E6D78CA1F18153FBDF175692109B73B9694FF17B0DB6379DA4E981DE759240650B4B4
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.W...c...=.Dw..MVKMxw.?s......c.G.....g2.$........."%'P..n.|...`8...._...U....a.|~..Ag....yo. ...'..`......;}...>.>..o....}9..."..@b.h.eb..^.....k..~X..y...A....7.+......F....H.%....J.I...t=...n...[..........&....&J.2.....?.|.9x..5}-.....A.2.9qaH[U.Tk....9#;.....S4|.._...eSJMW.Jqq.T....nq+-.CD..9...v....:.v.z6..v1.-.C:..`...j.3.L..S<{.h..KT.@...B...m......2;:.9&...6'@..e.H2....y..+.|.y..eE..'5.d....J?...m..'g..BK..-4.W...$.@..A........3.}..9=..........%..b~...)h.....).T..s..|s.n...`a..q...".?.. ..FEX.m.5..iZ....{.M.".Q.JphG4..&.`....p.....P.M.UMO...=%g......i..4./.PL...=F....!....1N.o'...W..{....;..}...D...~G.... _...L|I0....o.,+.......A..MR.7..Y.,..2..|....!.,.P.."......5[...b7xX..8..).r...qJ...\..3.cp.d.....7y....-.%...!..U.#..L.&.Cm..].!.zo.....!c....9...5-.+.)|7...^.....:..8..T..R.s.".%....b@..5....p..r..F..Kz..Jk....Uf1..^..$.@...%E...V....g.1].t..b...._.ub.i..^i.Q.e........7.%..q...3....,...5e....a..y..{.XcI....)S.H=.n...n-m....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):255
                                                                                                                                                                      Entropy (8bit):7.15132577794045
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:OO89tab5Ny8qqM1xSifbgoXnLYgko2WEKqFCKZRQeEClVMn:OOq25orDganioTE5ActLlVM
                                                                                                                                                                      MD5:1241B0B5452510274422C98C3289369B
                                                                                                                                                                      SHA1:DE751E08896CBD0F44567B2DFC8628EDFC32E495
                                                                                                                                                                      SHA-256:6A7FF5340EA9867460D9E458BA6CAFEB61BE70AD3FC82CBD78C63605AB087A70
                                                                                                                                                                      SHA-512:572DFFCDABDED58DD39D2BE6B40D17197289F4F6A0B8438A7D84124B621BE8934E9600CAAE472B5B3057344BB1BC529F643C7072E1E9F1D7F686CFFEACB6A72F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:(.,.+.....0.K9m..........KF.\DqQ....(.8......6........i..Q.Z%...j.!{'vA.......N.._.I..b...(.%`T<Q/l..........rm..;uVy.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1048824
                                                                                                                                                                      Entropy (8bit):4.982648723353831
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:JloYJ4EV5Q8TwRBfsnXpVCKj5V22Tm9blaLnoyFPbhhaJy79mip:89+DkCOqYSybULnBFjho2mip
                                                                                                                                                                      MD5:187B9DB28561841CB5BB61A8A6C257D6
                                                                                                                                                                      SHA1:2D1AE2852C006D736DC5C5885036183860CB22A3
                                                                                                                                                                      SHA-256:CDA5356E47E03B18181668773318479F309F51B0FB28074F402E92B814FC2E4E
                                                                                                                                                                      SHA-512:3786AF2C32CB160551D0F7DED996107D942FF3C3846FC33B87F6A3627654EB2A29E85CD8FF097751415EF0D2BAD95BF834E9A7353322073D59FA7AE72CC6353F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.t..,.....Y2.>.q_~.x..?'Z......A....h.........@.nr.L.....9_ECf.g9b.4.4O..........R.E&e...d.JE..6\..Oyj7)q.+..."..z....#Cr9.t..S@.....o..V.]`.y..'U.e.]x%Pg....mC..].....\.=.M..>.V.6.Y.w.d.....\..x.>eH.t...."B.9..3K5V.X.A..y@_)..(.]A..e<..@..kar.#V.$..u@b4x.$J%..@...)e.}.,.]...l.1:.......i....Y.!.d.A:..d&..`.902...S)@.l(V.....B......0.u5\O.x..c U.3-3!............ZD.....2J.v..e.'..].......N..}..9..Z.k....A....Y..(..^.....K..1S.(%..m).c...C.@..C..(w.ub-.a...g......5>T:9..C.p....=..UB.m?....w3...8..7V_B....1..y..Q.m.j.D..kL\.'u..h.._...V....d4....,.:..d.V...y;VaR..{y.+...{.....{...&H..2........Q`$.....]..p........;<v......^.K...4...$6e}h...H.)=.#.F..Q.K.;.%7D.j.V.......;w.s...h>.....u.W..B...t..$....U|.N).S.=..'.j...l.h.i..{.t..9.<.>...:..6aB....m1|....|nTo)...t;5pS..f....x..y......vU...+...@).1.B...;..n...6(...A....29..\.IE9.]..=....<....f..e...K;.......U Z.76R.f.....>...:....].....}I.$..Y?i&t....>........[.`......P..YN..*./8.....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4194574
                                                                                                                                                                      Entropy (8bit):1.538174289402375
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:lyr5IjvuWXq1h8iyEYUkHPNJEGSVo5w+gSrNfATgHFXKDb:lymjvpeNyEY/jvy4wfSraQX0
                                                                                                                                                                      MD5:A10AB37AEE256C0685F7C00D2174692B
                                                                                                                                                                      SHA1:18029E425E73E95EFED104B78AC25AF7338EA075
                                                                                                                                                                      SHA-256:E722E742B9B82B7E650EE5A89778D3C156A5B984A626E34C1172DCC683AB3C0F
                                                                                                                                                                      SHA-512:EC1BCE6AF382BC3D4EFD6E84D4D45944ADC99A643E1345A64E8F2DC8DDC9B2BFCA98BD112B51422429BDEE3C4A855AEECB7840FA4938FE1E2EB0A8E6A674EF69
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..... i.....f.#..,........x....P..~4..........;.^..c....[&.x9..O..MuPK+}EB..J-Q..\..`q.'$W...0.n... ..F;5..5....|."p<.a0.;...?I'........nd..y..\..sT.Q\.7^...E.L....C.<M3..3.....?K.og2).V....6?q.O....$%.....Hb.e6.....%.X..uf;.E..H".M {'.rP.H...J..Cc..8-..:......$R.9.S.)Wk0..........:m.5.G.....6>F&........X.j&..@...$..T...g..O.A..U....@.2'%{<.o....E.D..w..c) .6zC..].b.o_.6`u..K@....t...J4...{]...;..ya.......S^..+{..........g`I"d.........6.EC..:..2d.J8.....p..u..F../z..f.........K....2I..F.U....g..?....2..Ec+fA+z.w.52;;.s.@.].jv.....)Lqp...(9./.(V)..Bk..%...b.3.}f..^..2......w..!;.R.~...f.\I[.....ST\..;..u..>.up....b..4.y...R.{.'D.<.J.u6.l.0X.@.e\F....}._..S=.C.]#....."r...J......N.....~Gj\*.l]X"<..`.u|f-6TPX..;......th.#...$..c........._5..&<.Y.e..SR........w....``.S...{.pyY.T"..p5...j....3.co../...q..{TvK..d..O...\..r..v...wD.~...d.Y.|.......... ....A.V.ug...k.2..a...{.....y...TPZhz..}.5...d..=,H..g...I.........$,..".*.@.o.op.V..U.j8
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4194577
                                                                                                                                                                      Entropy (8bit):1.5382630045214079
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:+xOA0bVV1YTx9cvoN6LXvTlSwLeCgJ/HnvzBFROF:+xOAonyTzAoELXvTl3LeXXzi
                                                                                                                                                                      MD5:FAE0224EC47E9620B2A8E8FEAC857EFC
                                                                                                                                                                      SHA1:8EA544CBB8830B07C4E79D14FED6046E3BABE918
                                                                                                                                                                      SHA-256:E6B1DB4BCE94A9DECDBDD22E511523CBEF1F18FA7905EA81D4D42025A7071929
                                                                                                                                                                      SHA-512:F208DA078E3EDEC9298BDE01BA65577B0DB9BD9565D3BA6DA043670B273F8E5EC2395643027FEC10E3F5DFB48DB3E289425CF347E687D14130A850B3E50AE257
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:k.\1.+.+...._.r<._P..N.,....M.....K.<.........P.p..j....Y.|..u..W".o)>..[...z.......<K'.dJ.}..f. .(S.C..a.t..gr.....[A.......S.."%>....Qk.....F...QI.......P@U...1....> ...k...Q|.(v.p..l3|.(...7..}30.W.........4.8Wz.A...q......W.5N.1.....|.~&Bp..3"Z...m.6.w....tb.x...u.G."i...../.......*..%.r.z..>..{`...^..y?X......u..n.Y.mx..p...l...9(pk2\..R..;.Smw....x..e...iQ.....1b.|..{=......+.'...8.$..S...L.j..fg.C.d>.1..."..o{.#.e..>...5..K....j..]...f5.......&....u..X.]&./...<..45.`...?WZ...08E.(..\....e[..oH........~!......j.s5...~....X..S.1.j.4....R..Ew..d$...... ..C.$...;.......B...Eq*.\N...........!.*.Av...L..p.SS.2%..D(.K...).w$..X..u+...F.z....l..q...o.........{l.y.I9...IA..I..~:4..`...D.j..f.../.......X!....?..F.1T..;j.l7r......g.\.8...(,.. "O.....n..C0..W..FaR.Y....`q.*b/Q[..C..".Q..P...1..Z..(....=.../.a.$r..z.z.*....1..;.-...W5.+.B.3a.. ..~P.4xNt.."z.T....d..<.6....`..^..].+.5|..".....S.f..l.U.........=r.g.SzpW.'..N....wi..L.......u...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:SysEx File - Matsushita
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4194576
                                                                                                                                                                      Entropy (8bit):1.5380636496628612
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:7zNRg9jBya/bfpBUWFhoAgkNTVZE1Bt4CVfuvABxr:7zNRyJFhomT8BtDVfuo
                                                                                                                                                                      MD5:79125B3A527DB0505D7C7A7C6E5AA3F9
                                                                                                                                                                      SHA1:2540BF3AD70786C833B4EE5DB423BB35682CEA7E
                                                                                                                                                                      SHA-256:FEE10EF7A276C9C1C62085D82F0E7952D2EBB4E1F1692B4FD3594959AFC2D772
                                                                                                                                                                      SHA-512:71002BD425F02D6AD8ADD73757267FE2270BBC6211B1ABB7A2E6579E108F05C213749006E7C92565AB07C1DC38470BE539BA55EEA804F366561AEB7FE0145F7D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.T.3!.o.{._.*.r.Sq..a. `..Ie....B..1....t.3.<.1A.$..pf.t_.. .:_$.o...r.v......2..=|fS.P. ,1hb..z....A=.x.V7..Z...[o.....H.8..{............h.....c@[B.....D...V>.;P..Me..Q...k.@....6...W.H.4.....(i`.l.Nub...)..<.[.s.GY.a..wN...........'...,-.d..^g..bY...:O..[.l.W`?3.G.J..Y.zd}R;>g..~aE.d.X.;.:....3.u.o6.N.nl..2.#...4..v....3....U*l.d......d.V$.....s0...O.8.....D........l[}-.."...DA7(\.M......t.R.. K...=....!..S.....@..S.[s..dH.??...(...d6)#....8.* *.i.MA.(h~c%>.....?...T<..U....i.;..2.C...Wb.....z.c.....F/.j"...uU.6....Bf.&..K.*@.H.=../........{P.O..k...L_.....f....&.06..sa....../....1..6$I9.X......*.'.@sc...%13<._.{...e._.vu...>H.Y...`...Zh."F.$....&9.3...?Yfv.3pf..C....:5F....\..=.z.X...._.L......q.R..U..M..|..g.g.i.....R*..;..n....a...R.V.u......_..[]| .N......M.r!}8.. .........L..G...@^#N.2=?*uz...........P.....bEa.SRb.../y(.Kz...0.e.S7.....\x[$.p....D.f..,.N.Ov....Amy.m.C.xO..o.....LVY...~...OL.$.fI.G..W..t.'.6.-.):.......|.GRtq-..P.. .
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4194575
                                                                                                                                                                      Entropy (8bit):1.5382100273133135
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:xh0+rGxEOythLTaOjM5YXeLcVeFxSTkNvsoK5Kmzao83:xG+6xEpthLGKuntNvZK5K4aog
                                                                                                                                                                      MD5:02D2FB3906D670401DD4005C9859EA29
                                                                                                                                                                      SHA1:68FC71FC4672463311379DECA12FF8F652D8CDC5
                                                                                                                                                                      SHA-256:DEFCDBEBB50FA9412196E5DFE1D693E01BBF87BEFC41132D2416EC89891F251C
                                                                                                                                                                      SHA-512:ADA52FC7781FA06D6E993999BBBA4568AFEC4F174CB6A9977C760B4C0B26D39D9B9A54B63828770EE3EB7725B40EC2CADD178B39452084F658C9EB82FF392981
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.l...jFr.*."5........%..LRf...g.J.EY.Vme#..D...$..<.m.ma>.q.G){<..'..S.oD..=...N..:....r...m.{5.......n]..<6.......x.7.y&...<.......y-.I(.G...\I.Sboa.....G.tM.a~.j..'.....j.!14..[.K\R.G.....c....B.0.....Y...$.'.<.O.QF...y.....f,M....D....t.d...@.!_.......).......s.(.Q=...u.l....L.e.@1K.....~..[.G.{n,.4..!bT.{.2.<.5....3...?a..XN#.V..0..f.<..i.Z.....2...7?.Q..b.[..Ze...).......?.i..?c.._.jM./......jD.....6......G..a.s...x.\......4...0..~m%.xC...C7......}...D......i....b....%:...^.0.Q...B....M..(..1...8...;.E.W.U.$...w\.^...&;....:.{R^[}.s..C..k....M=.yfU.9.+..&. 7.... .O....1.....D..SqL.Fd.=.}.+.Oa7...{,7n..4)'<V}..(.g\..o0.["@..DS...NZ.c.m...i.u.....?...4&e.....s.k.. (.&.1*$...Z.!.z..K...*f...(.....&.=J.Og...D...tYn......!........Az16..~O..>.%.-I.p...MoU.e....K..^.O.{D..g.....[...ZC..3..1....mz...N...P..%.........._..w.z.....v1r.1!G.R..w..0.B......[..-...m.8;..ZA..W...z,.]...3..v..H.....P.S.....Q.<....pNN........Ym.[..../H:Z..&.I.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4194575
                                                                                                                                                                      Entropy (8bit):1.538148151174503
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:S7mPjQSQeeM2pj+7CMWTljnXuAD8vRpjR4eM6tpGwX:8mPsSAM2pjHxrXURpjR476rGu
                                                                                                                                                                      MD5:4231F367C4F2D29713C94E4FA5E906E4
                                                                                                                                                                      SHA1:AA767EFB9DA083614684F563EAFEC53DA663ABB9
                                                                                                                                                                      SHA-256:C1ABD430257953B62E8319491067322B13C18BDF8572A8D56736331DE1A8568E
                                                                                                                                                                      SHA-512:7C7551AFD58D209FD1254F681F8199EA80CA0CD3BDA07131D25885A1DBFB1371643E85BD4C53AD1FA5CAD351BC620AB6E8A0E55598BEFCDE99C536B11B3B1B3D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.iB,s3......r..d...>...mm.3.p...R......G^...[.`.%.i."...7..)...;..vW...,...AohT....2....7..j..$.,Ih.^...{..e.b.........z..a.N?DT.:[.V(.|n.Q....p.....M}....J.%CS...i0.....IQ.k.+..... ...#....LZv...J.{c/..NA5.....cLjRu2.!R.vYk.@.x......'_....u\G.V...5x.>..t.X.${fG..[.Vu.....>.....id.o\ ".8^_~...(8.....5.rh.M...f][v...d..z.....E..L......b...z@.=Uz.'..R....f.H3(..?X=.z=.....oY..$9D.%$.a.[.2{.....&Gi.....n..u.X......m..t-!..cn9....<.A....tD.0`.XyD.9q..&1.-S...#...;......7...Q...Z...'.h.n../...-....Z9'....<..s..!...m..?F.3........gHq.@..K:..A....K].s...=.....S.....k=*.O..z..]..d....0\=;t.*.z...H7..ES.FT.t.1........].{r..~.7Y......}7....I..l....m..Nx.1..Sd.";....t.4..G.X...S.....FP%..3.2-.@......&..7.v(.H.E.....RZ....bs...>..tH59..75U.!.6.R....#.|.N)q..........Is..c.i..U.)H....1X.. d...D}B.h.,...f.....Lo.{...].L....2.+.K@."...g.M..kO..#..Ct..H..U..XB...}.m...W.<....v7.P`....}.........Dy..v..?'.e.....].QL..R..@3.*x..0W.q..nm.......E(..}.F
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4194574
                                                                                                                                                                      Entropy (8bit):1.5382609052472476
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:6qCVQuY9WLZG/UFP1Hxe3AYF3vwWvSZlnyUOQ2dCEnxfKR:sVQvco/UP1RewXu8ZEnxfKR
                                                                                                                                                                      MD5:6633C014EDE02AFC89079EDA352CE2EF
                                                                                                                                                                      SHA1:E4678C85386C2345CD9ED6C8032422C4C9C114A2
                                                                                                                                                                      SHA-256:68B7EDBCE125E6C60D0A33ABCA67091D9F0C7F8833E3DBD6F58FDED1AC2DD02D
                                                                                                                                                                      SHA-512:C8E5A8F726E9C15B45438ED443CB58BCC9CC5B70304F87A31BE862539F98EF219B7AFFAD71CB5021FDBA3C41FD6AE77C15A97FEF3030E57B7C7C62F3BD8E94CE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...."..p=.UV|l.x....Ml...C..;.......z...s.uD..O...v$i......... .H..1.N....v'.qsc-"...BHAzb...x..D............I?..*F.{.#@.....:n.w...r..L.[Q8..v5.c../i..bgm5$..P...J........$e._.....-D..vi.h..7....?...e.*.K..I?...$0...H.2....P...q....T.2.Z.Q.............B.k..Q.........$.S.q..0T$.]{..Lo.O6......b.j.c...|...c..C-#.w.#=8Lu.Q.....P.z.0']q...q H..5..t...z..by.........G.qEV`....w.....;QoRzL...9....-..5.[.F..Z.....3.8...S}..q..t$.X...Y.C......~zxp...&..Q.J?F+.Q....T..,...{.q...x..!.mr.M..4.@..].k.."*,..[...e./-l....&.O@..........&N..E..1...B$C.....:.4...Y,.........oK.6..@....z...=."}:...L|6F...h..a..;..:o1>.W.f...5...U.....dI=.._.....M..sU.<.Yh.v.m. .5..KV.*oo...t..X....j..B......4.[.....>E.......$\.....K..m........:.5]....A..h.4...1...._.dG.....S...3.d.n.n.@.....$=4.....,....c...z.\.au.Z.....8.....9.p.,_....bt..P.as...Z.......|....mGg3n\..h=.}B.(.w}d.Z{..K..!....).2...V.".y.<.|Q.w.*]. ........4../n..u..z.S.._...Q....C.6.PP.+N....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4194575
                                                                                                                                                                      Entropy (8bit):1.5380955577350097
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:LmAB3GtCw92G9oBJrX8OZuPrjJOgbQTC0aKDFCLqGETC:LjWtCVwIJrXxyrGTjDFYR
                                                                                                                                                                      MD5:65F119DACFC17A50699BAA31AD5CB066
                                                                                                                                                                      SHA1:6BE9617CBCCBDC9B199BBD05633B2AB602E278A4
                                                                                                                                                                      SHA-256:440698D381883DC15BAC0AB0858D974E546E42727BC7859F2B13CC1E196837F4
                                                                                                                                                                      SHA-512:5BC990AB88E2722D96CD4A176E08AD38CA7309F2A83BDA51994F545E40EBC01757680A3B057CF84987436404A733523588F11793FFFB24AC6EC74A44AFB76684
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..3.g......a..[...UU....-.?I.|.>.e....Bf......).Z.....c.l...)._.=..c&7y....x..........R....7[.^k`....i...v....;S:.X[.G.'.V*.%.......]_.s..N@.....8l.]..g.f...h.ns&.;.....i.x.v..3.=...x..l.r`...\...=N.7E..E...\...e.>.3....{;.O....).Q......w...z.D\..O$..?...R .EK.k.`$N-y.ca....?.)P^.+Q>(.U.......ms..V.?Xm.....Vn.O.fQ1.9.(8U!h-.-...9...Y.X.c..V.I..gn."<.c$ytJ...E...LsV~m.7...s...+....J.._.c..D...;....O..'.(..TG...{.....V..I.8~. ^M...w.......D...Y.....muWAg~...{z>..{.Ke.v....a..i.c9.:....(MO4...3.*......:Jz.avmg..:.M.2.._.$.!.>.*.Z.K..BH.....@;^..dvwS.w3&.....}...{W.t....!..7.`K6..n.`..SI..z..x.8.0ah2P..#...q;..B.X...".".k...$.....u>...<,.....B...0G.{.D..u.[...T.*g5..^.MO.^w.H..v.p.{...He0.u.....02.]|Y.<.s..C....Ny..\.7......>.....%.S.....8..Stl..o11...b,.W..&..-R.3.....W...~..g.).4.R......'..Vg...h.F....F...!...a...#<3..HId."rS:.,#.....).H...U?n.K.7y....6_0.Vb.E.@)`.:..X..L..6.!...g....:....n......p..2.;..W.F.6.B..Vk...T...c.'X...`LjK.M..u.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):279
                                                                                                                                                                      Entropy (8bit):7.27219356806914
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:VwE2yNFk5E0jcPOrT0nwDyq2ZDWGjXgoXnLYgko2WEKqFCKZRQeEClVMn:aEx/3OXJDyqpGjXganioTE5ActLlVM
                                                                                                                                                                      MD5:D15DBAE1888CC963627368CB8C169D38
                                                                                                                                                                      SHA1:EC4418795AABDB5DAECF2D8152ADCB09BDFDACA8
                                                                                                                                                                      SHA-256:23CC67687EC7F4CB79EC9B0D9C605938D9960970707D4A6EF8F18BEFCC0F1C9C
                                                                                                                                                                      SHA-512:076190B20482F7F85DC8D42CF61FBEACFE9C9C55EE53BE2F0A5270B76FAEC8AAE1C85FD167390BEEA750DACCE36B30D52D1EB8761C27A397595875CB237288FD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....Y...Q...u...m..S...[....3.....f..G..*.+..k.d6hj@{..$....;.../,..qw.w`".3(;8.....F7...n;B.Dj...,H\.m9.."...O..m...e...w^.....&..p.....i.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8422
                                                                                                                                                                      Entropy (8bit):7.977131705663932
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:UsnzuxNvgGjzMpHsowaGee1A4o86fNbOGYDYwCtxPTBkzZKZ/:Usi9lIa9y4odfNbOGNthBeW
                                                                                                                                                                      MD5:24123375135CAC7433BFD36880F5FBE2
                                                                                                                                                                      SHA1:2833933E3E588EBD2E8846E81AB8BEC1B6E3EE75
                                                                                                                                                                      SHA-256:DCA105F14BE0B9327CAEB4642390816EBCE8CB72D2E42050C79BF9444264313E
                                                                                                                                                                      SHA-512:C0F7B791A9A16FEA4933D4FA5956F35D01DC0A1E033BC93ED0ADA8AD0AB9BDD7D41CCF510D3B0EA714F8ECA4B73C9843F948EB1BFB942B2C12944ACC933AFEA5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:=q.....0.......*0..[N..u-D....`.k.{ji.. QM/...j..G..j...F..>I.p...6.....l..`]%~c....rY..}.........y~x.....k.u+.7`.[F..P...F.tX.>..z}..&....pz.~.Q_H0.N..&.t.....c/6r.....5.*i......n.].T.+6rwLZv1...5...^Q..m..d.b^v....nI...=.$!...;w.....Lt..6.]~!...]....Z....K._Y9...$......_.. ..6.k.._.9....e.t.%.0.j(6-]..j..F.UQ.....;.h..Z.....K....K2.r..`.Qc;...D4.S..........J..4.V..Ne.m`.....>....a,./{.C.#.I>.....R....V...xf.eKU.2.F4&..M.m@.xX..-....q] G.&A..Y..\Be,#......."..D[.k..h....2I<..T.../$i..198*..R...~..l..=b.F.."..l...%...G..zk.xI.D.......N..s.s.6r....DQ2..j......<I./ .Ix. .(.^.J{q.$.O..Ox.*...$...+.>1..x..F..H..s.RP..7..h.....A...aC......\..K....4.g.t....m]....2....^.#...H..ET....Ch1...D4m$@.......z.}...r+QGI...&........+U......M..P[6A.....gB4.A.*i$.."..a.....N....`9..|E.q.-..[.....x..Sz....6....I.g.m.7...KD.@.o.S........!...@{yL......z....V..3....m.r...,..O...l7....Q.......7....^`...Z;..........&s2E..~7.W;v._...Q...)l ...G...$.....3.../...4.z
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):270566
                                                                                                                                                                      Entropy (8bit):7.99931533608953
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:1eLHvNuqIYudWb+UVTuQHxxOKAzAHizQepA6YtQ/sIH6G0BNtoAl:1SNzC++UVyeOKKhQ2Y6/OGsl
                                                                                                                                                                      MD5:FD3CF962016C54919B7AA1F2E6BDBEC2
                                                                                                                                                                      SHA1:3F59B6D46B576969B1E188E7B0519C5E2056ABDB
                                                                                                                                                                      SHA-256:D7D6D8428572E5E9486665D4E52857776E8C4781F7552E25DA7EBF8F295292B8
                                                                                                                                                                      SHA-512:1604225C793CCF742A77192DAE4D3A45DB198DC37FF2C1CD4BE012C10EDF562F29C7561E05DFB047488619BB1A9435583CD454E5129A0A55276CAA8BB67E1B0F
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:...=....-...f...."q..p%..{.E. fp...Fm0|P....d'.r>.0..B}.a...K..TP.&..&...n.....9.e...X..u.6!...tIi..h7....).w...M6..p.......e....R......w".....G.$.....^.W.....0Z..W..`Cu..........~1...i......f\...U.../..V..E.....?...T.Zx.quw.$......vK.d..3..B....0.&/.l%..1i0. c..Z+I.n..KM....O..%......Ng..kZ..Z..Z.."p.^..X..'...{..S.......q,..WV^X.!...y.$..s..w...7.~.N.l.\...X..6....ZM._/ ....&....$.q.......~...? .E]m(@..c#...@}.(..F".......+~"~h .K}v...y...'.F..d..5./.........'4...^..3.Xy..'$.ZTq.J.H..C..B...........T..3.V..U}..|7.+.:......*.0v..I.....b.^yL.Aq../....m2O..b.\..w.1...e.....f.i.^}.E..a....XV.{.=8...^#:.....o......O.........D...s......Sj...n.V.RG).Z.D...\....=.x...i.v...Y...d.yL.-...:..+J.........k.(D22..bD...x.E"X2..J........N.}.P&.tM....d(oL..2..C...{.u..rkq...j.-d...}.....]$6M....)f...4-.O>...X[..1....N..Q.S......}..Tp...844........-.9...Q.#../.m]z...."........g.....L...f$....-+'...8<.'.H.......;zBg..".1qv.....GY*.Ou.!D..z.o..].
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8422
                                                                                                                                                                      Entropy (8bit):7.979748149144247
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:P8r/DYZnimODH/Itj06RuyUbq339BcaFBXFkA7aE1aNCpCHwnwW8GcpAmEGexLjX:UPYZ1ODH4JIle38aFNFX4kCHWvcre9jX
                                                                                                                                                                      MD5:66AE23657C13868DD4EF6B71FB3F9301
                                                                                                                                                                      SHA1:5AE5249CC415DBEA6134460A41C56B0CF0016CDB
                                                                                                                                                                      SHA-256:A00502F0B3AAF1C0567B0F7F198719694046DF391A6C0AB392B764AF7E7F0FCB
                                                                                                                                                                      SHA-512:6C1879CC620DC7076362A827CA4B02CCC506343799FF8A615D8231E0D767F8CC6C1ACD366D6F5806AE9528D61A62E0E894B9E090B5A9BE41DED8F6C185C610F3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.Le..H6...,.D..CL.?.._>>.l........f7kS>...).>E!!#O.....?..m.ve....L.|...ye]X.t...(..).W.......7...Pb.$.jH!c..-.<.S..-+.xL....>...C...d.n.'n.;.7.g|..B....mq.Z.D<..$.+.L..r....Ym%...L2..?.c._...F..O*..NrB...W.>S....Hi|.|.q.W.ynb.K.t.h.>....'..^z.H..?$5.B..E.a...hm.......5lj...K3......m..h..J.O....T.').-|..;.v.~..u,.b92.Z.?.n.P....k...$....iX. ].A.U...#P.Y.Ha,N...O........C...gew..Ek.........g....M1.....H.=..+E...t...q....Y[@.."...q.. n9..&./.1....D..H.../..(.....g....hp.3rI....kp.y.j.'.q-r(R[.Z..Y.m.t.z......C..41....N....3%...j.flL....S8.o.D.t.G=h..y.......0...E8:w.......n..=..Y^b^..^.4I8..P..f...F.M|.R`..<_d...{....kp@.U........h.....>1,R| 9..."b.S...C.?3..$";....l.......F..B.kK@...D...X.?.t.i7...;.L.G.0.C.e.q7.1 ...lg0m.....%u..,...../.:\..O."..<W.VT..N.....a...#.4......@....m.P..,{{..#.s:k..V...E......F....q.....;.VA....Co.-.....n..u6eI....'..I..:.W...G+.OE...W..C._...."...y. r....].~\_qj...6."k..K7k.$E.{..:.u5..M.?...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8422
                                                                                                                                                                      Entropy (8bit):7.978235067969257
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:2XMInSeDtyzqppJkBm6ovArcZ5WpfbGmInPNLPUh53/:2XbSeDwmJkBm6oiXpfnInlLGN/
                                                                                                                                                                      MD5:F6ECFEA76C5D4AF660AB7F22797EE4FC
                                                                                                                                                                      SHA1:C2D7101C69ECFEEDAB391F62A318F4686863C408
                                                                                                                                                                      SHA-256:4C662EAA3361461BC17039EB1715BC17A834500AB4BF77D28207F55C89D62D9B
                                                                                                                                                                      SHA-512:2B4E93DAA5CA8339F8FF7F34081B07C56B70E738FA4629E2843DA237D389C0A3232C70CA55E0CC73B814C28EDDBE6F302A07AB16B220DA223A7DE1EDF436EA60
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.9Y.wA.U..)E......t.zEz.E.S.3..ljWe...-.M*_..a|R..N....]%B.P=....."n.....F.0...A>.~..B;.e.8)..C..`..7..<t.....vV...N....%.L.B..+.E...g...P...}.A.r.\....2..R~...@;..|M<.^..nF.x....<.1...]].WK&.m.G..Ii&........*.Ls.<....}S]|6([.Y..-'a1D...DCt%.LT.l./Qa...y+W..s..9.....9 bg.. l@..7......?WyM....:. .Q.%x././.IW....W.....@.y8F..{...X.^...2;k...f..x.<G....3yr.......F!C...O...6.+..9[o.b....Lf.=..z......H...y.M.....rM.....wc...y..n.....Z.k.7.aZ`..H..N._.X......Y..f ....'M.&.!z..;..1].R.7..S..Hj.`..V[a.x...X....t..x. ....Lo.?......K.V.0i..kG..P..6+HE.O..z.Q`i@..C.F...(S..L.}3.g...*|$FXL..hO..N$.Tby*...fN.......h;......oi.Q;.......w..`J..../....K.X~.UE....K4.oh...N1..f..}...^z..F....l...4....z.r.P..B....u.p........t.G....T..A6..d......c.Iq..G!..[J.i8...}...$|[.CI'.....m._r..h$..Z.@........."..Me...()+..O...4.{.Z]..,....i?..m.O$...D%.D ..r@...:.P....}.L......N.f..%.>w....NxOe.Vb.j...w.O.5.K..&S...Q?;.....V.^qu8+........o...X'.X4....E..aQ8....r..2D...nxK@,
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):262741
                                                                                                                                                                      Entropy (8bit):7.9992181236855595
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:TlUbLNzPeE4x50fna0XJuaG3Qt5782pymzkETc91lf:TqzP14xefna0Xzd8HmzkETOR
                                                                                                                                                                      MD5:10F81EC41206268395917CA61F8DBA21
                                                                                                                                                                      SHA1:9775AF5B5E8E140A25641DF2D15F01FD0C51F0B1
                                                                                                                                                                      SHA-256:B69DE2872BB8AA52749AA84E66A3C7A53FE2BD5AA90829F8F061113144B9C124
                                                                                                                                                                      SHA-512:AAE0915B8201E2FB945BEE2C04DBDCB4D835F57BFCAFA105DE66BE048B57409A65E1001C419BFBED0C8FE342F6EF56EA8167D33444010F8D804A9B3D244DE400
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.[%.))....j I[YD.s..ks..M<....P*....qU"..1m...MGn......~.o.3..g_$.{*.e(e.V..7y......1.b..Z.y..j.EX....K..YP^. ..T.},..Q9......6........K....=...<V6L.3.#...M+l6...u..v..^.Q.GC.ON..t;.=qQk4...DoH>q..8.......|"..B..I...,$./.]....2...A.Fb..".....4.Sc..J.Ka)_...O...>..eliP....n......P.L..V.....2|.[..C....j7......7...@s.....2}..."...........>..|.%:/.].p.....*.k..A......0.hV;l.h3pT`!...T...:QML..7._p.\.?2.fd...P........$..?].XBA..u....$.......mm0X.I.!!~...!.........c..)...8.*...p.\....-....k...g....,.].Ss..?./>N........(.6..gAc.j(_.9.u..7.....9?.".2.....}*.....M.l.#f...H5........q....].nf...[j.....[...sQN.6...{..[.....0..5F&.....+.....5..|.#..0.....w].*....$....1./puW.m....[v.-....i.....@l.+.XQ..k..w./G..."...xju...Wg..&....G..._.u..9..#...@...r@.>T.:D"....a.s.~.H.....F?R4.}3...I.E.b+3.p....y.S.)^.uB..#....E..Z..:B.......V...4.P.P..0~.n.^#]\.l]jZ........9M.VA..W......w..;./l....)kb.@c....|Z.....-7..]..W...(.s.\....=V.....P.c9..> */....Xx.|...6.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8422
                                                                                                                                                                      Entropy (8bit):7.975766639777702
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:1RIAByRQ/sf3rNxKK5gLdxU6Yzl0McSRSiGmJBlRZHYjP:1YRQ8nKKqLdxLMrSiGmmT
                                                                                                                                                                      MD5:BC16290650F36D33DBC1B319F7E22271
                                                                                                                                                                      SHA1:7D17E5A696569F7662A06F7EB8129EE1C406973C
                                                                                                                                                                      SHA-256:DEF3BFC4332AF3FFAAD9C378EA1EC615116E32343A7C27A8EE62385A9486C123
                                                                                                                                                                      SHA-512:273062DE956F80519E79409EAAF888B56DA154E702A75C037AE5A2CBCBB0AF47AC9D1C33A6CBE44680EF47A22233CC7868826510E611933A51DB768D0B332F26
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.k.:~.....U..0f.wdQ.7......g.s..ku,..f..b.bx`.5QMO.CCeVA.KB.,.......!f. i.3...{......8I..v..O..kyS|.n.Tf.<.>......&.Mo./#L.._..t..Q.....`.e.......x.JGA,h..qC.'..u..z..>L.I+.~...&...Fo..s......Br.v.|%:...#.j....S.....ZG.A#...H.k8Y]..mA..[PV1.c.F\/........[..-Re...WS....R.....}{....wF...q.&f z...R..V....\[I........!.}...,..../%...H.5.F<l..;.E...|IgP7..*...Q..n..b.;..G...a...#T.q.jN+.c.......b...........W........U6.B......V.D..MA.....?7v...| ...mE.cP.- ..e..e...e.._W......W#>7....v.)..-w..;.yiL.bVT..}..s..._.f....0|...+.p....."G5....4G.8...].....\.(.8.:N..%..w..*.i..\M\n..W)yCH.M.QaP..259k..s.Bo.!."..\..?...]...iAI..*..&.^...o......&.s....{nS..o.[ 16...Y@.................m9....f.Z........;v6V..*.!.J.+....%.k......g..C%...N.C.h...%i.6&&1{.....X.N..c.uK....aM.b..k.my..:b??z.....b..7.}...YD..N3..8vfP..;......0..4p8....XZ...Y}[.l`..8G*...U.D.X......x...%5...}].........).....#...F5J..4y....)......w7...........I.I.H8...ql.....%.&\.m....#L...)=..._
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):270566
                                                                                                                                                                      Entropy (8bit):7.999223408899407
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:fqxehqTE3Q2xYF+GVHCX/g+HbtbAx7CRpxEXk1GszD:fqxeh0eQGYIX/g+7ummXk1GsP
                                                                                                                                                                      MD5:A22A68EC667ED14592DB4133987AC464
                                                                                                                                                                      SHA1:8B45896C22A277A02786FCE1A5357D124724E9B8
                                                                                                                                                                      SHA-256:903F01A3487D241EB0E60A7D99CA74877EBFDF697F5463484B88228BF18D3ED1
                                                                                                                                                                      SHA-512:ACE7649D2CE2C23CD96AE0F94A33924DC201427561D397C0C240C94A05F6A965DED7A653DE6DA6B09B6416ABA94E1DBA592A4ADA35804AD6E73E71D5891ED675
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.......e...>....F..g....o...|.[....S..dS.b.&.i.'...ct....7.dt...Z..|e...s.F.-|Ix(W.1.k....i.@,^Kd..@.....A,.....2.....$...BS....5...{..DM.....d....X.c*.......:.ws.f.A....G..X..2..._.r.'..C..U.......K\..TZ..H.*. .Q...4....o..Q.YL.....z.Sh..nr..!|0.. ..r#.v.n.N@....u#..]3.^m....=....`..y>..8.?ej...I`.S6.<.@../a.))KZy..-..h...SBd...d..1t!...t.M2.....}>|...1.V:?.v..m.;xb...W.'..>..+.@f?....u........+.....".h..-..r..-_C...?.>Nb%...F...........Jz./.~...1.-..V.t...)p~....L.a..h...dU..o...R.p.Y0.{\.2A*e...a.+.X?.......k.&x....^.......]"..o..h...3... .6.",.....BD.p..R.4.....2..g.....1.;}...(.Rq}....]D(.)?...{..8.j_....#.bj....L.)..Sgg.y....X..x...p.xi...^.]..qm;..F.}.~.+..JVkC....=r.q..a1lU.......F+!....T...E.....o.7...he.....c+.a....oz.T.?'..X.....U.O....&.....\..j$dS..q..-..{.._A....y(..#....7K.Z>.I......qsC6.z.kx.._zF....G.i....s..rD~ y.w~.. ...xW.F#.asm...R_zZ.z.*3....lJv..4G`v.J..'.w[.%...HOo..<('.....%.f......tqy....0/.Qe.......h.9.9.s...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8422
                                                                                                                                                                      Entropy (8bit):7.976115573888174
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:QrpHj28Sau0W1xE9mcEE6OJBq5gt53pANXYCBN7AynRcgGXtBEb:ABmp10xEE6qEk9ppCD7RqAb
                                                                                                                                                                      MD5:F7879CB5005F6D87F75736F42A99B251
                                                                                                                                                                      SHA1:28EE923BF44324F355D49073E906738E4A260022
                                                                                                                                                                      SHA-256:60F43435310335DA20DBEC0E5464772CF1F33E0E12FD9C0207BB2B1123ED6952
                                                                                                                                                                      SHA-512:0F742C6D39673F2D1F7309E519F90EEF1F3DB5DECB90501669CB0AA92DE6FFC1EC6AA418C3F64BA57FCA4F2C0E001B0D0B37985F4F7EE8DD94783F67C6C35926
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:W........4.2w.d]..3.m........(.:..[..3W.|Mx..)s...<3+.T...2;.k4.....uO..'I..Z..j....8...D.(u.?C~.....&p..2.A..TK.p...g.....o.!an.a.3..s*a.B.g'..F....mZ.PRNn.W..G.U,jc...j../8Y.|;.u2|..{...l..%}}8._..9\..$.P2[c.'O...l.<B..j5.E.........Y.S....p......-.O.....v......n..t7.T./..'.....)b..ff.....ep.......3.q9...Q.8..#...wt.....P3.R.E.....9vo.o.N....s5........RU<zBo=...........w.{y...B..zh....Zg.n..|?...S...&.2cc..b.......h...W:d.W....^&...V.n.6,.6.......n1...+..w~.-..h.#.f.N.Wi.A..*....-,u.l}.z..v.O.%<Y....N.6...._......<..~[8... ..wi.|....q2.....k^v..H.....\..*4+Nr..Pv+.\..Oc...Gd.*......U...z..D..z..e{T.8H....6XK.G..J.5......?.x._....^.....8......]..zE.....@.?.>g..-.q5....$.|...q%yL.P/...Y.O..h.IL..T..Q..;4.(.........w..'...qe.O..vp.{."...C-.....\._.c..,u9...KZf}..........W0.g...M...R.BF)......t6.&...:S....=...,.IBQ......e..N.E...J..p...D.S..v.h......"....D...../.`....)......(.q.:.yp.....3E.4P..2y.i.y.*.,.....)C5#.6d..E...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8422
                                                                                                                                                                      Entropy (8bit):7.977907000426962
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:fBMya4OgkObBTPIpcih0vNvn1GfL7MjNqOSHoS4LocHk9aO:JMD4OgTNMKm0Fv1GjistCLY9aO
                                                                                                                                                                      MD5:C925F59D38BD48295F9224504981003A
                                                                                                                                                                      SHA1:AEF050DC828B23842A7563FB1ADB9A516FE03D1F
                                                                                                                                                                      SHA-256:BC9AA0C4C054A3A5AFBDEDAC47D33D706F74F2DED172EF7B6A6DE5E11D324B98
                                                                                                                                                                      SHA-512:18A4AF2AD8230F930D1B4B96AB1112D814AB902D6C54FDE04801C072497E8C60D699CC85D4A3FE27E90D12960788068D096E32C210C2B98DF44F2B0500BAD59C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:|.B.._....l......C._2=..0.".....i......8.LjHUq.....v`....4..Z"|].?j.?Fk@v-.x.x..@.-.3......6......2..q|......n.+..{...q.0..sjSq4Xm0.-E.......v...V.\f....]...G..9+Y.K..gT.....'.M.^....._v..+....S....P",.q.F.n...{.N..9..Hjy.e....<Y...G.6..F..k..Ik......Z.EM..;...3P......6......W.7;v.~.X.\F3.P....jm....k@.5.%.8.`...).@3T.iItE......I..4.mJ7h......A.i...8...U..fd..X.2..N$...B....T.W.4.>.......q:S......}....q...P+.}@........OI.et..4.^...z$..I.P*..#.S..c-.-FB.u.g.N.OR~.Jl=aYk..._.t6...$.;.L.a..?S8...n.hR..G.../...gl....&..`,X...#..".zo.......$.?..B|".)..p..Z..5.[..yY]..,.......r&"J.Q..$.U...AYK..."&+..G.\...&sD..wD....<.a.<\J8...;..._.M..ct!6W.&/...09(.=.7......L..P.-.....|0.-..2...7.,...aL......G..T..d....o...+...0....Ei..I>.|~...4...1o....s...u?. ....4.$....W..r...e.1...0.YK....~...%6d.1N...Ne...z....goR.K{..H..xu].@........a:.I..:!..i...*.....*U..."..>..U.=.$.u....w;G...=..._..P..'..?vLs..D.....Q.!9...&..p......q..}....x....]2...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):262741
                                                                                                                                                                      Entropy (8bit):7.999333076486404
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:KxpxevfNSyE9fBA5dUUYwO7bfiIrBmWZEEFo8JP+ddY9UM5MdG0t6:Ipxe9k9fBA5iUYwO7bcnEBUdoUZjg
                                                                                                                                                                      MD5:52F7D486791FE747D85DE187638022AD
                                                                                                                                                                      SHA1:2F28B2935AF3CEA427907C1A2CC63CBDD790453F
                                                                                                                                                                      SHA-256:0DD2560629751249F5A6CDCD3E7F25702AE27D1E14CC07F239D4080226693243
                                                                                                                                                                      SHA-512:0DFE8AC27D19567B00CE3B52B2095509D09D587E5E0DCFCED6ECE14C23B4EF00ECEC7ED5AF654AEE3149DB2AFAB742E93F0F9EF33C218DFAAE31E91D89C25459
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:8w.........R.WT...|...L.@...s..g....!..|e.........g.../..F..U{O....=.ri...4....|s".u.....CN..Dz.hZ.k.v..0..".x..C...GQ.|>k.r.).ztz{V.D{z....[7..B.&#x.....uT.).{j>...K.H.9.9.".~......I......y.\`$ .gU..ii?.Vij#{)..[..#...DO..\.M).=-...hM.. e.x..j.=...2.o-.U..d@RX!..P..o.......d7..p..T....B..f....E...@.pGJ._.#5u....Rx.[t.#&..i.t$...PA.../..M.....^..a..4g..R&.A..dQ^9..t.....>......4.E.qQ......f.:_o.N.RWB..%=2g.J.....j...f.s..q.'b..&.}..j;PH%....0.du.V........l...'....+.p.;ea.....W..7..h.?.1..Q,.Z..6...t......])#...".^...|.<...p..T.W;K_qk...i..`.N..@7q....c.5.4...n.=(...r..B..K..v..';7.K_..c.."|.....{?..{s.ve.....Z...OX...HDq.....'..'^NbZ$..M...1.........O$....y...}z+._..../?....{......G.....K`.?.T.U;..K.f.h...]_..bU].)......cpZ...7..@...."P.P.B...E......{.......G.......[.B........I.p......Y.w.cr....Yd....n...6..>..Ws...~...........A:.~.b....1..KY.k&.@&..z:K7.....%.O#...F.#.is....g...1../.f..I`{i...hec...c.#..R...s.08....os.i.o...x....X'..*.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):166208
                                                                                                                                                                      Entropy (8bit):5.340930776721693
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:9+C7FPgOsB3U9guwwJQ9DQA+zqzhQik4F77nXmvYd8XRTEwreOR6Y:UIQ9DQA+zqzMXeMT
                                                                                                                                                                      MD5:1F313A3A5CBA2361B26F312565E882D9
                                                                                                                                                                      SHA1:BFAD540A0958AE79B8786394B302238B5B6F6A79
                                                                                                                                                                      SHA-256:511B139B7CE37D76E9D242EFE6E1303FD7CA747D19B64B6C672146BE300B6B27
                                                                                                                                                                      SHA-512:A99CDA29F6A51EB40960E9068CCAFB3F0F290E1750380C7B0B95B9C570405E1CBCE795B7283615FF7A49246C26AB9D023C3077DF9AC2556EA62C565C9A609D20
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-04-26T06:19:50">.. Build: 16.0.17619.40127-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.ResourceId]" o:authorityUrl="[ADALAuth
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):0.09216609452072291
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:lSWFN3l/klslpF/4llfll:l9F8E0/
                                                                                                                                                                      MD5:F138A66469C10D5761C6CBB36F2163C3
                                                                                                                                                                      SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
                                                                                                                                                                      SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
                                                                                                                                                                      SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:SQLite format 3......@ .......................................................................... .....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:SQLite Rollback Journal
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4616
                                                                                                                                                                      Entropy (8bit):0.13760166725504608
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:7FEG2l+66lS/FllkpMRgSWbNFl/sl+ltlslVlllfllVcG:7+/lF6lKg9bNFlEs1EP/R
                                                                                                                                                                      MD5:08687339B859A518DAABB5A62A4DCCB3
                                                                                                                                                                      SHA1:A38ACBB6C2A5B91CB57C7A8EC49F996AA21DDEA4
                                                                                                                                                                      SHA-256:A357A2E63FAA5553B0A592F390B3F81DC1BB75B0F6B2EA8779DAC9C1F22C382B
                                                                                                                                                                      SHA-512:D5D869A19EA52AF5A492B90E3C5641E78216A7E185B17AA40C7A475591EC240D0710FD6D0DDE9704BFAE2D9DC22867E095C0E2A0EDD25DEE3637CD43FDCE98EE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.... .c....._.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ .......................................................................... .................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                      Entropy (8bit):0.04482848510499482
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:G4l2O/rcblLmlY/4l2O/rcblLm/t8lL9//Xlvlll1lllwlvlllglbXdbllAlldla:G4l2O/Ibx/4l2O/IbY0L9XXPH4l942U
                                                                                                                                                                      MD5:7BA37ED7E6A28ADFA3AE1E2615658DBD
                                                                                                                                                                      SHA1:FF1DA127F5D7D7800178A37E1ECE04BC4963B1DF
                                                                                                                                                                      SHA-256:ECA57C6DC541DBCAB20E9752AC44D7AEEDE2FA352DE37F0999B7FE166DF8B567
                                                                                                                                                                      SHA-512:3F2935A764D0B80ED4C26ED63535A600C75D048503D39484F69714782F3870F5C2612BF123FFAC8AE1BCA2A8F17B3E59B54E5963C686C1443707439D9DA7B802
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..-.....................R.F'...u..9.l.N.....|....-.....................R.F'...u..9.l.N.....|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):45352
                                                                                                                                                                      Entropy (8bit):0.3946348720885047
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:KxaUGwQ3zRDX9YUll7DBtDi4kZERDN9rGzzqt8VtbDBtDi4kZERDv:SGwQ1D9YUll7DYMr6zzO8VFDYM
                                                                                                                                                                      MD5:6A7246446696F22331DA3A0605EF190A
                                                                                                                                                                      SHA1:65A2305CA71F1356E3CB0B4848657F6500568507
                                                                                                                                                                      SHA-256:CCC54352E0CA776A5D3FDD13FC451812AAAAADAE8BC0E3102778E94A1C5339CD
                                                                                                                                                                      SHA-512:5B2F12E77E7F64686330DE708527B5C4A127889204081BEA7E9B8E15891F3522496B0D30ADDEDC841C6BE06580393C3E8DCD54D7DADD28DB5934BD7B5533EAC6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:7....-............9.l.N.n.....G..........9.l.NX..Q....SQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):73728
                                                                                                                                                                      Entropy (8bit):3.672690707274855
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:TpoV+CegFIItKwh+sALw76yNXftBUlxrATdwyf3zu/b0nCUfhIc:9ow7g3WOPtulxkTdwyfEUZIc
                                                                                                                                                                      MD5:B0F2302286E680822FFA0C2DA1EB7362
                                                                                                                                                                      SHA1:68D761E22C69BC2C7720A1149E49E24E715020F1
                                                                                                                                                                      SHA-256:94B7BFAC09D51BD6E76A9A9AD8ADACCCCA276AF8F34CC46A5667F434A5B7FC74
                                                                                                                                                                      SHA-512:34FA3702BE964E14023FFB18B9BA03384FF6239EF842876F233FF89C01F41A628AE9015CE2E40FB14C448FB12100B1C94AAF4A0131AE080DDA92680179D728FA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:%..@T................V*'......Ge".^.........H.......H...0...0...0...............................|........^...Q.)..3}.J....V*'......Ge".^.............8Y...0...m.......................................................^...Q.)..3}.J....V*'......Ge".^...............................................................................................?<.~.........................................................................................?..................................................................~.............................?...........................................................................................................................................................................................................0...........................8Y...0...m..0...0..............................?........................?......................@...@.....y..-:..,.&..c.......^...Q.)..3}.J........?...................?..<.~......................................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):0.04401584019170665
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:RRk//:Lk
                                                                                                                                                                      MD5:CD74ABACE8A00B17BD8107BC5982C21E
                                                                                                                                                                      SHA1:D53193CF8A43D766FBFA52976192F44D6B0F79B2
                                                                                                                                                                      SHA-256:B670BC07C9CB554511180DCF3F6A2C7818E8CE6E67B84784F0EA4D35EC61D516
                                                                                                                                                                      SHA-512:1B48A37FCF0F9FB9ED9B31A8F3E36596689BF1EEC6F41F5EFA3C728121944919CE7A81F0379A108D80AA051CFEF07DC296F9C0691FC8855983B2F29EC15C7FEF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):0.4935371079264069
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:NTcvzaelN/3B/GwJfabKmGDsrkYw1EVHuKmGDsrkk:Vcvzl/BOWmGw/QEtmGwz
                                                                                                                                                                      MD5:75D9C5543279AFFBAB6B3ABBC84E2CF9
                                                                                                                                                                      SHA1:AB8C79ADE1132365B8192E8285B6631FCCFDDC87
                                                                                                                                                                      SHA-256:9ED263CFDCAC33B9B2AE32FB46662622F07084AE740E2797683999B564066764
                                                                                                                                                                      SHA-512:C95D119C4DDEE281D02A4835DDFDD4CCEC4582F1CFA6E77E8DD9BB575C0DC56C1401BA8F50BDF5F9843324B8B1D32A0054F7C2426D32DE98B484603116D9103A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........~..................................................................................................................................................................................................*^.5F.....rC............................*^.5F.....rC.....................................................................................................................P..............................................................................5........m;.H....7.5N..........b...........b.&.r??H....T.N....N...^...........................................................................................................b.&.r??H....T.N............................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.740981190377394
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:ym4pNa9/nUxz3LczExyw0LeABlkw0LbECLYcwEwLAJxPZOcA18LEGi:1rMxjiExyLqAgLfECEpEwcvR1O
                                                                                                                                                                      MD5:4DD577F08EDA969F3CA9CF541E5CBD34
                                                                                                                                                                      SHA1:62376808BF150C84622470FBE8968C4EF909E9EA
                                                                                                                                                                      SHA-256:C1CF7442C289191D8CDE1BEA6AEE59C4AEC4CBA459DD2E90F021E6FA086811AF
                                                                                                                                                                      SHA-512:9E63D6F92717D82BD9669DE295125554E5E7FC1977F79C77EC0D60DE2F30B9BF7A76B0CA92B1E4623165F9BC7B7CCF5AC3F113E7E03F6943F7243C33E26F3E2F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:j...(...`.......L..................................................................?....................................................................j...(...........L.................................%.......%......7.E{..T............>E[.&. NL....^...Q.)..3}.J.^....%......7.E{..T..%.....>E[.&. NL...........................................................................I.A.....I.A....2~..,P....{.......{...F..i..Y..2.......^.........................%.....I.A...{....^................|.....X.........2..............."...T$....X.T.R..x~.T%j........{......^...c..,0...e...B4.$..........C@RQ.H..B......Y............................G..I..u..(*4.^.......^...Q.)..3}..I.A....2~..,P..I.A..@,.G.3.,.v.....@,...{...F..i..Y...{.....>...........:.....%......7.E{..T....>E[.&. NL.....{...F..i..Y.......x~......I.A..c..,0...e...B4.$...........I...M.....0...............................0...........e....4..................T.i.t.l.e.......|{....B.l...R......(....Y......(...D...L.e.c.t.u.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                      Entropy (8bit):4.741068358185637
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:DsPiePYNpOSbXq41RiyeD3N6NAgLF419MPsZG1ld+18g:4kuSTv1Ri1n0FSMPs
                                                                                                                                                                      MD5:22E6C741B66FCF2DC0409DFCAF6AF6E0
                                                                                                                                                                      SHA1:EC268D53E79CC84246542556192299E487D8C31B
                                                                                                                                                                      SHA-256:DA6CA5A17F7CE79EA877B5598B036FAFEB26137312ADA7FCDD4B71016F50F7D2
                                                                                                                                                                      SHA-512:DD952BE8C645BB7A7FE9CA61162BF7227A62B4654476213BCDCC045D1E99715C5B54E4AD225D9479C58172ADB4F8E74E0CAE1D25F25084A816BB349FA0AC9201
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......t...v...h...................................................................................................................................2...>...P.......v................................I.......I.qk..B.....LZd..4...d....F....p..Z.d....F....p..Z.d...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............kT.R^.,L.-........N...^...................\..D.[................>...............................$....I.qk..B.....LZ..............kT.R^.,L.-..............kT.R^.,L.-.............d......d......d..........................................d.j....d.T%;..d......d...W..d.H....d...+..d...S..d...........Z4...........................................4../4......p...............C.a.l.i.b.r.i..................d.:d.kd...z...y.. x.. ...........$...........7...7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.3
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):40884
                                                                                                                                                                      Entropy (8bit):7.545929039957292
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                                                                                                                                      MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                                                                                                                                      SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                                                                                                                                      SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                                                                                                                                      SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                      Entropy (8bit):4.427250202293727
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:/sQZsBKK0fD76rQKo8L+09vi8oQRTuRVt1BgNcXqwOMRkrh/aAzNiWn9TMcjlje1:0mB8Qt4+043QRsVt1i0qaRkrFaS39
                                                                                                                                                                      MD5:A8EE8CB4406016E2D3E052C16DC02633
                                                                                                                                                                      SHA1:79C7B35064A3DC7C3273F6DD2925A5173E84BA31
                                                                                                                                                                      SHA-256:304B96A882AB24A2514E98F72B869CB0A0B4503CC71F92FF6BCDE9AFDE059C5C
                                                                                                                                                                      SHA-512:850F8B77F3A84EB9B211727127D2171F0AFAA744835B8297EE4A758BE6035CC23FB072EFAB856127D1086B047DB33354E9CD98E298EEE949845030A06AAF3115
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v........ ...)..2...>...B.......v.......@....(...........................................................................................................................................I.......I.qk..B.....LZ....H...........2.w&.H.........2.w&.H......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............|.......%...o#]p....N...^...............+..K.M.J.|'..._............................................"....I.qk..B.....LZ............|.......%...o#]p................................................................................................j.".....T.................T............. .A............. ...........3...:...8.....z...y.. x.. ........ ..$...$........D..........7...7.........*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.1.5........................Z4...........................................4../4......p.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):24268
                                                                                                                                                                      Entropy (8bit):6.946124661664625
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                                                                                                                                      MD5:3CD906D179F59DDFA112510C7E996351
                                                                                                                                                                      SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                                                                                                                                      SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                                                                                                                                      SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                      Entropy (8bit):4.641893341262964
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:/s49sIhx3ywVWuXK9hjnGYv15weUniL+7B6Xs/WSRpC577KTpxWr/A19APANYA:0Z2x3yKanjGYvkeUnT1Us/WSRpjdx8/i
                                                                                                                                                                      MD5:5F3EC0854FF5B7EF7545FF185C91572B
                                                                                                                                                                      SHA1:93000AF37EE8821235CF9EF93CC7E228F26437D4
                                                                                                                                                                      SHA-256:C70914C506C22078ADFDB5F7AEEABE56B6EEBACA10DC477624CA378723C15714
                                                                                                                                                                      SHA-512:470455C59BA5A0796E5D0EC0957DB340F18053859C631A0D7E7F6EF6E456B59F5E6E6CB2CFCE997C31FF9C6B3BB2888F3B6A518C840F5AC9C7F4542E7ADFFC5C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...6...z...v...N.... ..X,..2...>...........v.......@...H+...........................................................................................................................................3..N....3..r.>.,Gk.C...I.......I.qk..B.....LZ.3..r.>.,Gk.C...3...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............R...y...R.r..p.....N...^................3..v.6F..../..(............P....................................I.qk..B.....LZ............R...y...R.r..p...................................3.......3.......3...........................................3.j.9...3.T.....3.......3...s...3.H.....3...0...3...`.&.3...........3.3.3.:.3.A.3.8.3...z...y.. x.. ........ ..$...$...............7...7.........*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.1.1................Z4...........................................4../4......p.........
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):39010
                                                                                                                                                                      Entropy (8bit):7.362726513389497
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                                                                                                                                      MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                                                                                                                                      SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                                                                                                                                      SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                                                                                                                                      SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                      Entropy (8bit):3.9377703612737327
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:Q9sbj6L9vjjoaCD1gsPMReLksMPDNXEdi83wqUxMwY8SAUhXr2ey4DHg4EA:Zbj65vPOD1NPMReINEdiWwqUmwPjgtyE
                                                                                                                                                                      MD5:3D02E9E974057758A1CF3211C69FEAD1
                                                                                                                                                                      SHA1:7F4189FDC2C8CCB9F430D48BCC5B850EFD5F0137
                                                                                                                                                                      SHA-256:88ED2AB170EF9BA3FB15EAE93FBDAD360E69A63874FB5BE73DB72006267C7E73
                                                                                                                                                                      SHA-512:4ED7CE94A38BF011E170B905B72E9D5F1970009A2039DDA9AC0E731A83D7664AFE5007A5470FD0E542C51826A7C9E2ADDBD868B7D853DA90E441C77AFDDF7881
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....>.......B...v.......0 ..x#......>...........v...^...@...h"...........................................................................................................................................I.......I.qk..B.....LZ.m......m$a.V...^...,..m$a.V...^...,J.m..#.2.Ag.9k..R..].#...I.qk..B.....LZ.I............I.......I...................................................I.t.....I................................................................4..'...'................w....fT...=....N...^.................xI.? H..K..W.N........b...8....................................I.qk..B.....LZ...............w....fT...=..................................m......m......m.........................................m......m$a.V...^...,J.#..8....#.2.Ag.9k..R..]2................................I................................mj.#...mT.G...m......m..Q...#.H.....#.......#.$.7...#...........#.!.#...z...,4. ............................"......$...7...............T.u.e.s.d.a.y.,. .J.u.l.y. .2.8.,.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):59707
                                                                                                                                                                      Entropy (8bit):7.858445368171059
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:k76rvGc8WKC2/UX1uEgVRY/jvv9CblyL/T:k77Z5C2/Ow1e9CblCT
                                                                                                                                                                      MD5:47ADB0DF6FDA756920225A099B722322
                                                                                                                                                                      SHA1:851946B8C2BD0BB351BAEECA9E5BB6648A87D7CA
                                                                                                                                                                      SHA-256:EC8CD7250F3D82E900E99114869777EE859EC73EFFABED108815F65742078C3A
                                                                                                                                                                      SHA-512:85A9920E1CE4A2FCCEBAFA425C925DF33580FA3C3C00178F058539B2FBC0163866DB8A41B320E2EF2CD217F00FFA06A1A831C728D3F9F910C9EAC58B5DA76E2D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..A..Qaq"....2........B#..R.b3$..8xrC4&'W.%e.(.c.d.5E6Ff..h..SsTt..u...Gg..H.....................!.1..AQ.aq.".......2..st.BR..56.r#3.b.S.4c%...$d.CT............?....3.7...G:../P....z..K.:6..w......6....... .z7...~.....{gdF60...9....{...'[N....m.........z...g{.......7...4..1..=.z...._..p...m..Icd.~.v..9.P..0Z(.<j.......R6zm.....v.z...>x..)=g........zo{..w..f..y.t.....%.D..#.}.I.>).H.QM..cLD..x.../.^y.{.............y.=^.......I.T.......U..0_?...u..og..3.ky..K....6w...Dc......~........ik.z....N...en......_.....x....._u...4.{..P...>.....}.......>.R.....m.....[mt.....}.........|.....m......~....B.F.]C.36..q....yg...{]...+.DZv.9<.o..;..N.n&im.,....w.3...V.s...Y..e#$.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                      Entropy (8bit):3.8638336147820063
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:7wsbWVClpGHait+moKcCXuK0RlXzIC4gvaE+N9qZbGy/fro:ZbrlgaiUmoKc8uK0Rl8C4E+PqnX0
                                                                                                                                                                      MD5:BB2DED4BCDFB04A3CF28BBFF8F480DDC
                                                                                                                                                                      SHA1:839D2612BFA0EFC15488C8FED78C0A4C4B6BBCCB
                                                                                                                                                                      SHA-256:E0585DE892EF0A387542492A704E92B94F3E8F844D971992D2D3E7AFA03016E7
                                                                                                                                                                      SHA-512:410364956DA3B059AD95B5F584B0B88C6B6093FF08E409DA57EF26A6824D9D40B58D5AB23858D30B6312ABB1D0E7FCDD3657582DF41ACE5680E24BA6A9CB8F18
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v........ .. "..2...>...d...<...v.......@....!...........................................................................................................................................I.......I.qk..B.....LZ.<8.<....<8..c.....gR..<8..c.....gR..<8..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............QJ.BQ.<Mu2.g......N...^....................owJ....;.s.............................................D....I.qk..B.....LZ..............QJ.BQ.<Mu2.g....................................<8......<8......<8..........................................<8j.....<8T.T...<8......<8..|...<8..;...<8..h...<8......<8 .W.....'.<82.<8..z...,4. ...."......$>........4..p..7......S.u.m.m.a.r.y.........................<83.<88.<8..z...y.. x.. ...........$...........7...7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.9..............<8
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):27862
                                                                                                                                                                      Entropy (8bit):7.238903610770013
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                                                      MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                                                      SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                                                      SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                                                      SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:big endian ispell hash file (?), 8-bit, no capitalization, 26 flags
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                      Entropy (8bit):5.345246818643987
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:vnapN9oAw0nok7XxkyOUvrC15pbYWASKY0asLj8jDRZdGI5yfDWggXXg:v0NokVkcZ2Pk6z
                                                                                                                                                                      MD5:FC1ECE03D0B20613B689295EF0A1D718
                                                                                                                                                                      SHA1:C63832912F52077F15003051C46129CF1E2F6216
                                                                                                                                                                      SHA-256:12E49538098291344804216312425CCA30129099A43CC43FD4F63BA04F03E230
                                                                                                                                                                      SHA-512:74B7B61794685F225E0E97E9DE42A5C1786F115371D49432E5E457E9C2236DB4801F3C21276DAF2C7CA7B948A56C81DC815859F2759E9CF151231E24EF7CE3F5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:........`...........x....@.. !...M..............................@K.. !...K......................................................................................(................K.. !.. L..............#.......#..v.......)..N................9....:F....+P.o.*../..............v....Z.a.......p.......8.B.....p..........a......a..................................................\..T.......T.S..'..T.....?"T!d..h5'T.....9T....0.gT!....sT"0...........0...........e....4.........................A..:4E.2..p1......(...`.i.....(...(...B.a.c.k.g.r.o.u.n.d. .-. .Y.e.l.l.o.w...j...P.a.g.e.L.o.c.I.D...L.o.c.V.e.r...P.a.g.e.V.e.r.C.o.m.m.e.n.t...P.a.g.e.O.v.e.r.i.d.e...P.a.g.e.N.a.m.e...2...0.0.0.1.9...1.....0...U.n.t.i.t.l.e.d. .p.a.g.e....?"......?"<...B..A!..T.^.t.....^.t9.7.J.....}.2.......4...........D...................-j..\....?".h5'...)...............0...........e....4........................yf.....F.Q.........(...pO;.....(.......S.t.a.t.e.m.e.n.t...j...P.a.g.e.L.o.c.I.D...L.o.c.V.e.r...P.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.076910012448379
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:bQsDlmk88nhtLtsEau8PXHW9HK1hGToyrdHrMI7SdXexKtuxgTKQupM:8sM8nh3sEauWX290GTLRLUx
                                                                                                                                                                      MD5:22BD789906070E4736129DC2C1AFD56D
                                                                                                                                                                      SHA1:F837CD0F398BC831B08F6E486851E2DEEE6536AD
                                                                                                                                                                      SHA-256:68E813EE849FDB1EBFB7C1B1EFA436EDB5BEC94CE1DA7477CD0994C9A1A6D6B0
                                                                                                                                                                      SHA-512:BB1597CB6A7FE37BDEB1AE3F494283CC164C3BB110D80DF752DBEA935C70A54624D7120067861C62AFA75EF972D53A5F0502DB637981E2A1DD6702CA115ECCB6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>....... ...v....................................................?....?.............................................................................2...>.......|...v...H............................I.......I.qk..B.....LZ..%.......%.....+...u.']..%.....+...u.']..%..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............q.......!.B..z|.....N...^................n....J.k_e#..2........f........................................I.qk..B.....LZ............q.......!.B..z|.........q.......!.B..z|............%.......%.......%...........................................%j......%T.]....%.......%..B....%H......%..B....%..>.)..%..J...................;........4...4...4.."................%...%...%..z...y.. x.. ...........$........4......7...7........................;........4...4...4...........%.......%....#..%............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.094336212767361
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:O0sIYx2hwaNSctQRtotMEfmPX/c9u8GJTo0rdqrmInddXNxAe4ky6eBeNx3Ka:dsP2hwaNSc0t6MEwXE9uDJTtRyPdses
                                                                                                                                                                      MD5:5676C5B5268A9CB374B8043B0798497F
                                                                                                                                                                      SHA1:82D6570836BE39D3648754E4639DC376DBD6713F
                                                                                                                                                                      SHA-256:0A869B91ACBDF9AE19387C430E4DD0A9E59D3837032B1A083492927E8D2665F6
                                                                                                                                                                      SHA-512:191F55C0F4CB086DBD884E5C23E08711EC9B405E8EA46915715A11C1A3AD9E9EAA9CD7D45B4EF355E455D29FE8A205092E7EFE4A73391E11C4541A5D3EEA6DBB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......&...v.......................................................................................................................................2...>...........v...N............................I.......I.qk..B.....LZ`.......`..s".......R..~`..s".......R..~`....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............R.pp....#...0:-.....N...^...............(.WD..oK.}o..Q.........f........................................I.qk..B.....LZ............R.pp....#...0:-.........R.pp....#...0:-..........`.......`.......`...........................................`..j....`..T.]..`.......`...B..`..H....`....B..`....>.)`....J...................;........4...4...4.."..............`...`...`....z...y.. x.. ...........$........4......7...7........................;........4...4...4.........`.......`......#`..............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.081239289103376
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:8YVP5sXWyb/dSY6UtnQEE3pWXw9cBRFToMrd6rjIJdX2CaJSBhH0JA1SDg:FspVSY6UrE34Xw9cRFTFRi6seg
                                                                                                                                                                      MD5:0E7786715BC6CD5787A74DEE22FF0996
                                                                                                                                                                      SHA1:235525DEB5866443BB87AEA67042B49C3B23270E
                                                                                                                                                                      SHA-256:6A361C712E401DE97B761409ECB97E59E5691DC854A397DF824A2E3FC80DF35C
                                                                                                                                                                      SHA-512:2764B0ABAAB07EC650C61DB9B67B9E716B1E4C0AA4EA7E8C7DD841A0C8E62D5262DDE7A9392E0D97325EB33460D7A793957640F79FB1430D23D7300DDE28C814
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......$...v.......................................................................................................................................2...>...........v...L............................I.......I.qk..B.....LZE.......E....-.......Z=ZE....-.......Z=ZE....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............c.!.7.H,.D >....N...^.................B..(2E.7.............f........................................I.qk..B.....LZ..............c.!.7.H,.D >..........c.!.7.H,.D >.........E.......E.......E...........................................E..j....E..T.]..E.......E....B..E..H....E....B..E....>.)E....J...................;........4...4...4.."..............E...E...E....z...y.. x.. ...........$........4......7...7........................;........4...4...4.........E.......E......#E..............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.076270114141623
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:5spzdlRkf9hEbXM9hO3TLRrtR5dmBu+/Go:5spzdlRXbXM9k3vRrtR5dmBu+/
                                                                                                                                                                      MD5:60DB10123097888581F4CF209AC1938E
                                                                                                                                                                      SHA1:DE8FCB20516B011B95900FA92DEEBC21875D91E9
                                                                                                                                                                      SHA-256:32A7F1F3AC0A8A551E72F9C2B6C61772BB885F7C6FF4E349679DFBB471753424
                                                                                                                                                                      SHA-512:3C7173F342C4FF606A177D0418D29A54A78C6E9A412C742A9B7E56BE3F21072FC7A5AECB8F4D1D8AAE83CE62B8930738AFDA61E0100D7EF4A17399331A47F56F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......$...v.......................................................................................................................................2...>...........v...L............................I.......I.qk..B.....LZ..i.......i`.kp..8.:..at..i`.kp..8.:..at..i..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................|5.'...........N...^................4.6..N................f........................................I.qk..B.....LZ................|5.'...................|5.'..................i.......i.......i...........................................ij......iT.]....i.......i..B....iH......i..B....i..>.)..i..J...................;........4...4...4.."................i...i...i..z...y.. x.. ...........$........4......7...7........................;........4...4...4...........i.......i....#..i............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.038481850628888
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:F/s5GZnrCEKU0t6hkEHhQXQ9nWfL2TofxrdqrNIOdXK/Ga9Jwg:F/sSnWEKU07EH+XQ90L2TaxRyzA7w
                                                                                                                                                                      MD5:83BEF6F2036DA87D942C5CEC273724A0
                                                                                                                                                                      SHA1:9B23101480793AF70F6ECAE41CC9BE0EEB3A67BC
                                                                                                                                                                      SHA-256:36A9F58717232C89EE07012504CA83D73D62F201B97F0A8753589B89EF10317A
                                                                                                                                                                      SHA-512:6AEE0F230065DAA4F9A334A91F9D17F86C19D020C854B526F32662A5B47A361911B5A2ABF26DB5F8464A9C3CE881F888BF28A623D73B672E224EE2289FBDD3AA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......$...v.......................................................................................................................................2...>...........v...L............................I.......I.qk..B.....LZ...................`..............`........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..................k.....a..C.....N...^................h....;I./.-!MuJ........f........................................I.qk..B.....LZ.................k.....a..C..............k.....a..C.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.049766524245263
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YFsVw9T0b6u+tjKmEE3X89NgToG0rdDruI8dXT0tRc2KO:WsqT0GPjE2X89NgTGRPcZuK
                                                                                                                                                                      MD5:B79F3B5C0BEC3C2245F94DDAB4297623
                                                                                                                                                                      SHA1:5C30B8742622ACD10641BFF76D1294CB8AF50E84
                                                                                                                                                                      SHA-256:2B7BB84EFD6541D02778E2A133BE9EC590E3B2AC2635CC38BF66D95F224A3134
                                                                                                                                                                      SHA-512:728949355362697FD7979544CACDA21DE494EEB368AF311C059EE48940B011E3E66C8E6829971F3641DFD27367FAD3452C494F01DFF0729FA8C44073C5A65A91
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ.\.......\...G.=..=....\...G.=..=....\...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............x.*S'.......^e.....N...^.................Z9U..L.M...0..........f........................................I.qk..B.....LZ.............x.*S'.......^e..........x.*S'.......^e...........\.......\.......\...........................................\.j.....\.T.]...\.......\..B...\.H.....\...B...\...>.).\...J...................;........4...4...4.."...............\...\...\...z...y.. x.. ...........$........4......7...7........................;........4...4...4..........\.......\.....#.\.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.068090087443311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YfvxsTi0QL8sxXxt6qNm3SEYwaXTQ9hmqTogrdmrTI9dXzFRTL8p8rlH/V:isQxXxsuNEYXXTQ9hmqTNR2a5
                                                                                                                                                                      MD5:9C50D37021C57837BACE8BE2BB8F9B8C
                                                                                                                                                                      SHA1:737986F266ADA667BA6AAB6DA6F97128A8CEB299
                                                                                                                                                                      SHA-256:D870FB43FF580BF9F9C4C994315CEAC17DCBEF5AEE8C586A1E9A29AC9FDAF537
                                                                                                                                                                      SHA-512:C26B94EF0FC7BABC1146ADC8AD1D2697CC44366AB4A677FB8621987862A9F18E03A644C4AEEDEDB4F17CD6F80D1EBF29E8B74FB89381083D1FD719A765775E4E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................!.......!.v..*...W.,o.s.I.......I.qk..B.....LZ.!.v..*...W.,o.s.!...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............5.C..J.5Y...F.H....N...^..................66..M....nl!.........f........................................I.qk..B.....LZ.............5.C..J.5Y...F.H.........5.C..J.5Y...F.H..........!.......!.......!...........................................!.j.....!.T.]...!.......!...B...!.H.....!...B...!...>.).!...J...................;........4...4...4.."...............!...!...!...z...y.. x.. ...........$........4......7...7........................;........4...4...4..........!.......!.....#.!.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):3.9456700030764873
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Y0esmABjqnvm3tKiEn6r9XNe9KQ4TofrdvlxrIIJCdXMNRdIa/F:7esBjovm3rEoXo9Z4TGRHbCg/
                                                                                                                                                                      MD5:16FA9318D4AC04BA1A7B73BC6C1F61C1
                                                                                                                                                                      SHA1:8487656DABC1A11890476E7BEA6633D3BD7E8F9C
                                                                                                                                                                      SHA-256:22F9F36A50A38A9D4E7BD9F84A4D1C1F893A2B5A2514CA182F8850BAAD42CD80
                                                                                                                                                                      SHA-512:7F6A68EBC8F719380904D6516F6ACF1DB20359E5357334596BBBD40B3B851A83D9CCD5388724DB7B6177F3156D67BECEDFDF23B2478C8C40CDC18A75E924D00D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J......................................$.4....qF..y{.I.......I.qk..B.....LZ...$.4....qF..y{.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............:zF.....0h.p..s....N...^................1.....G..S..h<.........f........................................I.qk..B.....LZ............:zF.....0h.p..s........:zF.....0h.p..s........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.037323697551875
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YxsxXb9mDyfetiSEXgZsXY9lxN8TobrdPrhIIdXAFRn3c6:Ss8yfeTEXgyXY9lT8TaRjNQc
                                                                                                                                                                      MD5:6FDEBDC99D7AC6ED2571C1B4C2FD5D83
                                                                                                                                                                      SHA1:5CC91B6337F14287AFD60266F05E8A2F2C1A2109
                                                                                                                                                                      SHA-256:5C948A1006B1E370D123F5DB76FD813AEEDC919F4649C2398C3AC5E3FE97640F
                                                                                                                                                                      SHA-512:6AFE7660615C87CA0702E41CA025EFB19F491D295B131AAE3CE8C83BE43637BAF672A2069D6952F6C6A8F654A0353F052058249CF7CAFA9B6FC760893F013A09
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J...........................#.......#..z.=..:.P.....I.......I.qk..B.....LZ#..z.=..:.P....#....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................ .j.....@...w....N...^.................1....L.....=.Z........f........................................I.qk..B.....LZ............... .j.....@...w........... .j.....@...w.........#.......#.......#...........................................#..j....#..T.]..#.......#....B..#..H....#....B..#....>.)#....J...................;........4...4...4.."..............#...#...#....z...y.. x.. ...........$........4......7...7........................;........4...4...4.........#.......#......##..............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.094960175860467
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YHyQs7eZc9UGtn1A+E86XHs9AzEmToxrdQrCIR8dXSFRsF8l:CsdUG9FEjXHs9cEmTkRI2S
                                                                                                                                                                      MD5:C4191334CE27B1C07A52654B744A6747
                                                                                                                                                                      SHA1:24213116E0FB94C0BF8DB361CDEA1DEC31B0F323
                                                                                                                                                                      SHA-256:CD94A0CF8B6044B5013989070D6AAD1C096EFD27A3A1B9F4661FA945D2A9BC6C
                                                                                                                                                                      SHA-512:3DABD6DCBE7DB5105BC54FF7DB84A9B721EBD214F9793A0317BB29261B62B4DAB3A40CAB04871E7CAA795FE020D4F9755EB32CE95A0F4A35D5E07E229293D3EB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ..........bj...w=&.1G....bj...w=&.1G.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............A.Q=7....!.y{.d....N...^...............dqDJ..{C......j........f........................................I.qk..B.....LZ............A.Q=7....!.y{.d........A.Q=7....!.y{.d....................................................................j......T.].............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4......7...7........................;........4...4...4......................#..............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.07054113445236
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:6sNoSO9JYz+7Ef9XY9dmTsRfwyDSIbVl:6sNoSO9JYBVXY9dm4RfwyDSIbV
                                                                                                                                                                      MD5:10FDC047448ACEF574616B59A81CE500
                                                                                                                                                                      SHA1:C3A98D80AB867E7BE4D1B6F49194EA25D22C2E51
                                                                                                                                                                      SHA-256:CD30C97787724815F3E78C6A7B8FD5C9AB7D5C546E616E086C7D01C33ACD6ACA
                                                                                                                                                                      SHA-512:37ABFED3C1BEDCA3D68DA813BF2BD21F080C736AE2D5E33E027E8AAF9533B6A1C64395EC7C2E684CCBFB60F9A4A93BBADFD2A6CBB804DB0E7FBE5C4633EA6274
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZuk......uk...Pt..o..4.uk...Pt..o..4.uk...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............6...5......,g......N...^...............T.gkFo{H..t...=........f........................................I.qk..B.....LZ.............6...5......,g...........6...5......,g...........uk......uk......uk..........................................uk.j....uk.T.]..uk......uk..B..uk.H....uk...B..uk...>.)uk...J...................;........4...4...4.."..............uk..uk..uk...z...y.. x.. ...........$........4......7...7........................;........4...4...4.........uk......uk.....#uk.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.096992569740122
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Y1syrhRqyICrtGmEFn0XU9D1QTo3rd2trc/IcdXU1RyqLCqjBh5:msyXqHCrbEF0XU9hQTyRecDHqLHjBh
                                                                                                                                                                      MD5:9CB0AA2C67D1ECF73CFD5E5CEF3A31D0
                                                                                                                                                                      SHA1:E775DF98A7EA3DD2D1EADF38915E38E23CAD9BE9
                                                                                                                                                                      SHA-256:DF574B4BE9B254100F0E685013C227D7C30416900FB39A391B05C24008B9C757
                                                                                                                                                                      SHA-512:D0543701A86112018EA47EA01272939D245617705BEB18482C3AD023AE70F82395A93865225048067A1848E5E862206BB9FB649B27BBDA1D1E8B31805CC026B6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ.b......ba.2..=.D.%.].ba.2..=.D.%.].b..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............G.V?.....|+.R......N...^.................z..O.....UM$........f........................................I.qk..B.....LZ.............G.V?.....|+.R...........G.V?.....|+.R............b......b......b..........................................bj.....bT.]...b......b..B...bH.....b..B...b..>.).b..J...................;........4...4...4.."...............b..b..b..z...y.. x.. ...........$........4......7...7........................;........4...4...4..........b......b....#.b............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.09611850265089
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:1siHABgEIkTtZtsEtFX096LFUTo8YrdfokrBI4zdXiCknJoMlMa:1sskThsE/X09mFUT0RfHPzfOHlM
                                                                                                                                                                      MD5:CF7D220145CB44885E0839B105D89986
                                                                                                                                                                      SHA1:98383A6DF96620E9455C3633059FCAAFA794E13C
                                                                                                                                                                      SHA-256:C03B107BCA50DC3E76080CF6CC60D67472CABF96F37C602D8A58C1648549AC97
                                                                                                                                                                      SHA-512:2EBE5426341DC88D84A0389A0C71BDBF214F9AE31B87859BACEA26BFC2C23A0855A2D0C167170753381AB63246098B67F4CAB559747ABCC52C03176875928110
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......&...v.......................................................................................................................................2...>...........v...N............................I.......I.qk..B.....LZ#DW.....#DWp...=......4#DWp...=......4#DW..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............K....."....6......N...^...............z.."...A..l^.W.M........f........................................I.qk..B.....LZ..............K....."....6............K....."....6...........#DW.....#DW.....#DW.........................................#DWj....#DWT.]..#DW.....#DW..B..#DWH....#DW..B..#DW..>.)#DW..J...................;........4...4...4.."..............#DW.#DW.#DW..z...y.. x.. ...........$........4......7...7........................;........4...4...4.........#DW.....#DW....##DW............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.07482800928492
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:LeGsAfhBIA9GtZt5iEno3iX89WHToqrdlrYhIzdXT5D53iNkwE3iIpCa:hsWIA9G5YE1X89WHTrRpnzp86BI
                                                                                                                                                                      MD5:27D2392428E2C66C1AD27DACE7F82943
                                                                                                                                                                      SHA1:8A8D2654DC92904AE317A653DF87EBD227C9D394
                                                                                                                                                                      SHA-256:21DD3865651D95B7D43C71B45C746704C1C7565F50589388852FB4C0A5EDB561
                                                                                                                                                                      SHA-512:188C049F99FF5330A3DC9A9229F66EF9BC58BF829675C6E27ADB10DDF8D46A50AD9AC6B19827825D37204B913EA7B0BD678937A6A7857B33A751D83AC50B176C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......&...v.......................................................................................................................................2...>...........v...N............................I.......I.qk..B.....LZM......M.p.1o.<X^.?..dM.p.1o.<X^.?..dM...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.......................5.s......N...^...............'.a~8.B.)..e...........f........................................I.qk..B.....LZ......................5.s....................5.s...........M......M......M..........................................M.j....M.T.]..M......M..B..M.H....M...B..M...>.)M...J...................;........4...4...4.."..............M..M..M...z...y.. x.. ...........$........4......7...7........................;........4...4...4.........M......M.....#M.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.084348226774586
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:ps0s2jmh/X6za6mmtYoKItQEdKIXvI9c3O7To7rddr/InQdXwATkqXABOUj+dS0a:pDsC/a6mmMaQExXw9CkT6RRWQZTk6S0
                                                                                                                                                                      MD5:D05B71A4AA76A2A0AE1BB03684078ACE
                                                                                                                                                                      SHA1:25BEACB597F47F906CB1600BE18FFE4BF2BD4334
                                                                                                                                                                      SHA-256:9BAE0F5B588B8228766FF0B2FEE2A905A58EF72A914D9852D81B1B3EB3C56620
                                                                                                                                                                      SHA-512:B99610923831DBAB05A11C47DB6ED2020C661F7B8BCCFC9D08F0B604678B5C07DE0158F1AA2E3628FBB257BFD5209D3D6681905754FFB9046DE019F0BBE1938A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......&...v.......................................................................................................................................2...>...........v...N............................I.......I.qk..B.....LZ...........%r....s..dQ.....%r....s..dQ.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............:...lM...0.x.......N...^......................H....5...........f........................................I.qk..B.....LZ............:...lM...0.x...........:...lM...0.x...........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.131900141509632
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:6slnOJM27iDSu02E6XM9hznTvRvLfOZJxb6:6s927BuA6XM9JnrRvL
                                                                                                                                                                      MD5:B7CB90E0853224676BBD58707C487CDC
                                                                                                                                                                      SHA1:00146CAC6368CC3926B034C9ECCB9AD6C6A79FC1
                                                                                                                                                                      SHA-256:6D20332BB30B2ED7A28FDFC3F50F4F3BA91C6F345C6EF37E9A21574E66AD692E
                                                                                                                                                                      SHA-512:59CD5E1036B3FFD735307C3908CF18A331D2D3847A3A090D2C5EB2ED5757A541412CAC09BE45026BD25F22951C7EA98351F59000BB861E8103B85497BF67C68A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......0...v...$.................................................?....?............................................................................2...>...........v...X............................I.......I.qk..B.....LZ...........~.P........I....~.P........I......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................G......2~..c.....N...^................/-....B..o...R.........f........................................I.qk..B.....LZ...............G......2~..c............G......2~..c.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.172238253541572
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:GsTm+Zenit/ZtVqEPlOAIXrI92yHfTotrdQrSRIJdX1bx1Zly4Vbig:GsJeniRTsEPMXM9T/TURIvjz7V
                                                                                                                                                                      MD5:5A6FE98EE692EAB4AAE0E86724BD2761
                                                                                                                                                                      SHA1:A2E25CECF5720B12C6FFFE423FB041BD9918B9E3
                                                                                                                                                                      SHA-256:B28090FE8167FB4CDE8E70C8A9D3BF52A42F9BACFF430B6865D2F0EDBF330267
                                                                                                                                                                      SHA-512:F41711910EEEEE8726FCD1359C073454774FC759DA3F44277F7B1DBBCF43D253452386E45C3F5F8808E19E8B07ECD8018566735D970E554CB47501433C7ABDF5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......0...v...$.................................................?....?............................................................................2...>...........v...X............................I.......I.qk..B.....LZvs......vs..(..=...B~t.vs..(..=...B~t.vs...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................&.......^......N...^...............m^.....I...8............f........................................I.qk..B.....LZ................&.......^..............&.......^...........vs......vs......vs..........................................vs.j....vs.T.]..vs......vs..B..vs.H....vs...B..vs...>.)vs...J...................;........4...4...4.."..............vs..vs..vs...z...y.. x.. ...........$........4......7...7........................;........4...4...4.........vs......vs.....#vs.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.134589252181396
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:NsJ8HTaXFEBA76X89yTaRK63HRH3HdH2HRm/HYH:NsmzaiA6X89y2RK63xX9Wxg4
                                                                                                                                                                      MD5:D1271F9EDEAEE96CB3CCC19A4EDC207B
                                                                                                                                                                      SHA1:016F1ED947AD07726FB2BA7E5FF185B46F254A2E
                                                                                                                                                                      SHA-256:4F0B863EDE0C3FBDBADB2D12C7FA608CFDFC6C4E61E8955FE49545B00EABB8D1
                                                                                                                                                                      SHA-512:8DC0D328E6B68DCA4A517B2E200F8A5018CE8FCC324CD67C6B7FC6A888A6EBF7207711B5B358C02722094E5C2CA04D4D50FB1B580AAFE9E1CCDF8367FA8E6771
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ.............W.......Y......W.......Y......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............0........>.$.....N...^...............sLb.^[.@...k|}h.........f........................................I.qk..B.....LZ..............0........>.$...........0........>.$.........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.138705050192552
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:j3wksaXweYpt6tS5VGE7CWXXOr962HToQrdSr2IxdXWCExNo4V:NsaY36E+E79Xk96QT5RKJI1
                                                                                                                                                                      MD5:5CE714D7E699B20C8583341537010A90
                                                                                                                                                                      SHA1:E2E400066617E99A2436E532654F5DE27DECCC81
                                                                                                                                                                      SHA-256:C998398B420D037B2810EA8A20E491C5274A3057AE42FEF867184FE7063326B1
                                                                                                                                                                      SHA-512:7EA1A5C13E583E653F0BFC61694100F074AC1B044589A78B74624B715682D25E9F64687D31A58F41265B17D047264B4113321365747C16DDB5CB54DCCA79B055
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ............#d6.(&..........#d6.(&...........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............8Y....I.+..7+.fv....N...^.................%.=~IA..u%L.V........f........................................I.qk..B.....LZ............8Y....I.+..7+.fv........8Y....I.+..7+.fv........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.138003548264813
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:u6sdqednxkt4SEEC/1X5W9sroxTo2rdSrBDdI/dXB8xg9w5:u6sdnxkBEE4X5W9NTfRKBDCw
                                                                                                                                                                      MD5:205E289206A94CC981D4CC46E96BCA4E
                                                                                                                                                                      SHA1:A8C45FD847E9B4148EA7E30F4D852C044CF036CE
                                                                                                                                                                      SHA-256:33D85175F2F4BDF321743C9ECDC1BA35199E26268A4A6AD1E186ECC605080367
                                                                                                                                                                      SHA-512:049045E4C1F8A71CDD9D5BDDB49680D3CBFCD0490C59E70C500F192F1B90F92D28416A4F1A6373BB24831324D6B2207B05602EBE65E576818C121B7AF0F131EB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ...........|........M.c...|........M.c.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............)./..G....,O..j.....N...^................r.9...L.....~n.........f........................................I.qk..B.....LZ............)./..G....,O..j.........)./..G....,O..j.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.107905641015744
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:45kseZrGJMFE2RXE9hTjRKT8S3ralSgn:45kseZrGJh+XE9hPRKv3ralSg
                                                                                                                                                                      MD5:2C52288E53C899DF18924DA6F0B5E93E
                                                                                                                                                                      SHA1:284BFF441C7AAEC90BE4E0C4B71F4FC47EFE4E40
                                                                                                                                                                      SHA-256:583072049B1F0CC9C322FF644B1908DBBE61A52E917DE6C1022649AC8551E7A8
                                                                                                                                                                      SHA-512:14623D6D313F126E22BA89D994CC82C6311C4BD7D81D66D242A83250758A1E06BCCB0B8584F4C72513A42FE9C788913482BC4134C3709378FFE5FF6DFC0AFB14
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ..w.......w.78..5ig..v....w.78..5ig..v....w..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............i?......%..".n.....N...^................<<~i.>N.N._..........f........................................I.qk..B.....LZ............i?......%..".n.........i?......%..".n............w.......w.......w...........................................wj......wT.]....w.......w..B....wH......w..B....w..>.)..w..J...................;........4...4...4.."................w...w...w..z...y.. x.. ...........$........4......7...7........................;........4...4...4...........w.......w....#..w............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.150959036755219
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:sbVGBsR0npneCsrtjoziEG9CCZXXk9nP7TokrdSr9Ih7dX95HsTcpUdsYAHI:sbV2sLjrhPEiHXk9DTVRKk5sw6dsYAH
                                                                                                                                                                      MD5:55D02E2583B9890CA7B2A36D7E9432B4
                                                                                                                                                                      SHA1:72F29C6FA4B8C7CF4F3505B08CA2BA8F1A85C0F9
                                                                                                                                                                      SHA-256:EA2C23181A02904F09971453CB0DA6094ADD05A51807E61325F7317409223DCB
                                                                                                                                                                      SHA-512:EF6ECC346D77C2E855C1D14CB42F6A5D631B7F0CF77389599495C801F3C456D0A2FC23554853AAC0D7E1963E7B8AB0EC12D582EE04318276A84960DD325C77F8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ...............<Y..9........<Y..9......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............k..:.9L.,.....9....N...^.................j...E..IXD.Z.........f........................................I.qk..B.....LZ............k..:.9L.,.....9........k..:.9L.,.....9........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.141565831132106
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:9Ar8Bsp96g4Ez5tIL+EnpDCZP+XQ9A44To9rdSrNIqdXOe0GsC:9AoBsvf4q55E11XQ9A9TcRKHhs
                                                                                                                                                                      MD5:907845816F875B1CD66DBDA2F3232836
                                                                                                                                                                      SHA1:7B0BE3A992D7798D11B974920D326FA752CC6791
                                                                                                                                                                      SHA-256:A7E672627D4DA72F275229978563EA6B686A21881B89F0F635F4B947410EB20F
                                                                                                                                                                      SHA-512:766B9A26E35A54597378FDCD2282A184A5A9AF266EE4D7193A859F5CD97A0847B36C827F64F7959BF9C215B21DD40E08A9C1A564D12D80B5716507988B6C5FB8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ:.......:...V],.'.]%."..:...V],.'.]%."..:....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............V..?...0.{..._.....N...^................+.&P6.L..t.Y.........f........................................I.qk..B.....LZ............V..?...0.{..._.........V..?...0.{..._..........:.......:.......:...........................................:..j....:..T.]..:.......:....B..:..H....:....B..:....>.):....J...................;........4...4...4.."..............:...:...:....z...y.. x.. ...........$........4......7...7........................;........4...4...4.........:.......:......#:..............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.12806027363275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:OisMz59T0dFJ0zNtsOEmCKJXM9joTosordSrAI2dXimYFX+F:Oisqp0dFJ0B5EmHXM90TERKgq0
                                                                                                                                                                      MD5:ADAC1935CB488E8BA740253EE10BC94B
                                                                                                                                                                      SHA1:0D0762E5918DE6C32D96E018E248E151DA4560E4
                                                                                                                                                                      SHA-256:9013C92A9994C03FB2BE3CD65A37982580AE8677C7E69C2C06BD071F43996996
                                                                                                                                                                      SHA-512:A62833E157CBEF594B21C950B0CCAF531636C63B335E8CEF15FD57AAF895299A9F067DACAC24255CC3F88F829C24F14F9DF90A69CDC838D9D6BA3683A2662CFB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ'.g.....'.gf.s..4...)..'.gf.s..4...)..'.g..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............w..y.J....e... ....N...^.................o...K..p.U4..........f........................................I.qk..B.....LZ............w..y.J....e... ........w..y.J....e... .........'.g.....'.g.....'.g.........................................'.gj....'.gT.]..'.g.....'.g..B..'.gH....'.g..B..'.g..>.)'.g..J...................;........4...4...4.."..............'.g.'.g.'.g..z...y.. x.. ...........$........4......7...7........................;........4...4...4.........'.g.....'.g....#'.g............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.131977326692842
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:K0sg1I95o118tnyoElCC5cXI9mNToSrdSrmIXdXtN0QR5oR7ItLjyV:K0sg6K118BHElCPXI96TfRKPNKR0tfy
                                                                                                                                                                      MD5:6FB8E4954A5C6ABF668BE3FA528717AA
                                                                                                                                                                      SHA1:5446E82257E04B02BF845A16CEE80D3DB917A17E
                                                                                                                                                                      SHA-256:C3D51BC986757E19E35D74DBA056F594E6BDF9012D571D6CBB2726DE0E417F1B
                                                                                                                                                                      SHA-512:C8AE2F9DBBD769931F29824CD82651D6CF90BA4AF7F6C121EB179DDA1D6584EE4237230EB7645AA5235CE19D59A709F1E89D1DB827BE02850234D70A1CB36268
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......,...v... ...................................................................................................................................2...>...........v...T............................I.......I.qk..B.....LZ.6~......6~ R...7...-...6~ R...7...-...6~..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............gP3.c.).9...;%.....N...^...............(e....s@...K............f........................................I.qk..B.....LZ............gP3.c.).9...;%.........gP3.c.).9...;%...........6~......6~......6~..........................................6~j.....6~T.]...6~......6~..B...6~H.....6~..B...6~..>.).6~..J...................;........4...4...4.."...............6~..6~..6~..z...y.. x.. ...........$........4......7...7........................;........4...4...4..........6~......6~....#.6~............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.108037185260499
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:KMsur/4QN/SYE6c78Xo9GwToRK66Du/CFaon:zs3EKFD8Xo9Gw8RKhD
                                                                                                                                                                      MD5:9CE690DF30F497F0E9D97CE12DE60701
                                                                                                                                                                      SHA1:F42ABDB8912FB6381E94111DC88F65D6CD9FFC2B
                                                                                                                                                                      SHA-256:F57A40E7C18CC2DC7EA0315CB5FC1381F534009E95D38E2FD36F6DF6C5CA9F46
                                                                                                                                                                      SHA-512:E2BAD5B8F6FD399633B5AF7670F02867A9662212EC4BD69378B86E36BB57B7AF8C55BFE3DAE8265DF4F586E7CDDD7A1B0F511731C6AA3E5DF6207E022EEA5062
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......,...v... ...................................................................................................................................2...>...........v...T.......................................|.......vK..I.......I.qk..B.....LZ....|.......vK......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...................(....X.9....N...^..................w..J.....g.........f........................................I.qk..B.....LZ..................(....X.9..............(....X.9........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.135828622035195
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:QLszvLYPovct7eqyEIWCCYqXyT9BoYnWrTo8rdSrCIRdXfKI561ah:QLsAPovcBeBEPxXyT9+TNRK9s91a
                                                                                                                                                                      MD5:C8111A47EBF783BBDCF92FACA96A0F79
                                                                                                                                                                      SHA1:F9958DD431EDDEEF60568C0C1013DE88CC4D713F
                                                                                                                                                                      SHA-256:C6916DEDABFE99C44E1B6607A6AE21902328DEF2F87DC7FFD17BEDBCC5492D32
                                                                                                                                                                      SHA-512:5E5EBCA8BDEC7F73D8C1C51D1BD4CDD3AD32C087DF1D0D5C812CFEFB3489414D43D0A45DAB450B6FD010862238ABD91678A6D6B49827654D0E75DC013A0FD0E9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v..."...................................................................................................................................2...>...........v...V............................I.......I.qk..B.....LZ...........$....){u.LD.....$....){u.LD.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............g..Z..?....$. ....N...^................k...;.H.O...p.[........f........................................I.qk..B.....LZ.............g..Z..?....$. .........g..Z..?....$. ........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.151172861613123
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:tsY2oEu5HYlr6EVUX49QdZTuRKiZG+Aev+oax:tsY2oEuwr2X49QdZCRKiZG+Aev+9x
                                                                                                                                                                      MD5:94B112B40DCCAA50E04C04C62C18A795
                                                                                                                                                                      SHA1:0719F575337BC787660CF0AF01761144EFEB373F
                                                                                                                                                                      SHA-256:95F70E1AD7B1BDF9B9CFE56D5449881AE68D78B5DBEE38870FD3D853C5872295
                                                                                                                                                                      SHA-512:219064D774DB780E70691485050EFAFBCFBE139F5BDB1DEC2428B76D7F7D31DE130C619F9FF3360F134EA6A77DCFBBCBD73BF00793AACB230AF1AB7DD3D016E3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ..8.......8.=N..../=&.-..8.=N..../=&.-..8..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............v_.....2...bM.....N...^..................w.P.B....K].d........f........................................I.qk..B.....LZ.............v_.....2...bM..........v_.....2...bM............8.......8.......8...........................................8j......8T.]....8.......8..B....8H......8..B....8..>.)..8..J...................;........4...4...4.."................8...8...8..z...y.. x.. ...........$........4......7...7........................;........4...4...4...........8.......8....#..8............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.14595666579512
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:S8XrsLhcOpQVE4EsWMuX496QiTERKnaq/w+Nq/oED:S2sljpQ6l8uX496Qi4RKnaq/w+Nq/fD
                                                                                                                                                                      MD5:4430136B0345F274E4D524D088871C6A
                                                                                                                                                                      SHA1:4452A63E51493660AEFE0F4B40FD73703F0FCBC6
                                                                                                                                                                      SHA-256:39BF999308A7F90441F1195AF66AFD943EA2E13DA0EDF82765DD8B439F1A5EE9
                                                                                                                                                                      SHA-512:CD9518A0CD03A2BF0583FE44B681EBFE5CB3DF2534CFADB71D014E646E34A868CCB984C9E99D74D5EE832591C547B3AF4469B606BE61C651F38C7C3D9837A3CC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ.g.......g.&Q*6.>..r1{|..g.&Q*6.>..r1{|..g...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................Xv...-.n.!7W.....N...^..................~.U'L.jM...Ta........f........................................I.qk..B.....LZ...............Xv...-.n.!7W............Xv...-.n.!7W...........g.......g.......g...........................................g.j.....g.T.]...g.......g...B...g.H.....g...B...g...>.).g...J...................;........4...4...4.."...............g...g...g...z...y.. x.. ...........$........4......7...7........................;........4...4...4..........g.......g.....#.g.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.116840885566033
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:ehzAsPbbM0wTrDnwtkLMMOER35uCAZUXI91lSdazToWxrdSr6IpdXnvxYy2eoxxh:ehzAsEnwyCER3cKXI9b0ATjxRKNW
                                                                                                                                                                      MD5:9EC20CBCD5AB8BF94383B5766698E299
                                                                                                                                                                      SHA1:2C87B91C2F5C99571E99EA79BE7106BF84766480
                                                                                                                                                                      SHA-256:3D4690A182E4886BE355F12C2450174D9D340196D5E235F50601214CCFA332A5
                                                                                                                                                                      SHA-512:E0A0BC6DA519F58C99175006258F129CB5C7F9BB043AA006CF50B87AB3767CDF76BDF2B153318BBA89E6481C71A60656A0FDB09A0D10F026719B491972B31218
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ..Y.......Y..|..:A....R..Y..|..:A....R..Y..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............B*fJLp.......o)....N...^...................@b(E.z..cO..........f........................................I.qk..B.....LZ.............B*fJLp.......o).........B*fJLp.......o)...........Y.......Y.......Y...........................................Yj......YT.]....Y.......Y..B....YH......Y..B....Y..>.)..Y..J...................;........4...4...4.."................Y...Y...Y..z...y.. x.. ...........$........4......7...7........................;........4...4...4...........Y.......Y....#..Y............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.12629760203938
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:J19spdmoVnTRENA1s2LXs9zhTHRKsF/c:J19spdmopTuyLXs9zhDRKs1
                                                                                                                                                                      MD5:B7B0BD06C606B54959058EF1CEB65AB7
                                                                                                                                                                      SHA1:F6484998408D991547B49728DE34384309D2904A
                                                                                                                                                                      SHA-256:0DC527A46790F6A1E41F24CFC1B2C91E8C954EDF794631EB9D78E3004A775556
                                                                                                                                                                      SHA-512:8D91A36866F514B5F7B6FD550664416182A841ACEEC9C6F54C740AAE749C27E887DBCF2D99BB4B9D274F1192E375514766CA3FEEE6E578AD085A57E625CFE5C6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ..r.......r.i........Wb...r.i........Wb...r..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............M..a..!.~.g.......N...^................3xp.rC.\.@.Z..........f........................................I.qk..B.....LZ..............M..a..!.~.g.............M..a..!.~.g..............r.......r.......r...........................................rj......rT.]....r.......r..B....rH......r..B....r..>.)..r..J...................;........4...4...4.."................r...r...r..z...y.. x.. ...........$........4......7...7........................;........4...4...4...........r.......r....#..r............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.134574216946712
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:KgZ3s+vxaw81BEyrgpXWp9mTDT5RK4zWNY+Rl:Ts+vxaw8IykpXWp9cDtRK4zWNY+R
                                                                                                                                                                      MD5:33A5451BF36A0D4D1DFFAFBEA437F475
                                                                                                                                                                      SHA1:5FE8C74EE9947AD9008BA72BFBEAD61863A344EE
                                                                                                                                                                      SHA-256:8DC7D3BC724B74C48B91E5BC3E62F394FD1E1BC58F5DDD16D7326B4DEF465671
                                                                                                                                                                      SHA-512:ACE2CCEC5622F5053D43332C3DD17DCDC2C6221575AC39D48E6BF60784FABEF93BB792107DBAA89568CF3952304CD77BE187B23642B3CF72A027DA2F0138B5E4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......,...v... ...................................................................................................................................2...>...........v...T............................I.......I.qk..B.....LZ...........@.\X.6.$.+......@.\X.6.$.+........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................(...}'.......N...^...............m.G....N...B...........f........................................I.qk..B.....LZ................(...}'...............(...}'...........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.14513211183682
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:HsKI4j0SYiZ0yw4tf4nEJlCDYXHDy9HgtF5VToajrdSrh7IK0dXbsmk0S7DSe7QN:Hslg0P46EXZXjy9g3VT1RKn02B/c1
                                                                                                                                                                      MD5:4B7E82DD22A0E86D2FB0088B179ECBA3
                                                                                                                                                                      SHA1:6CDDAEEB02FFCA242BC2AC22AFE077A14A787094
                                                                                                                                                                      SHA-256:7768772FA6DD021895208ED66F402F82FC49C258F5D5C2CA8B141CC081E8ABD1
                                                                                                                                                                      SHA-512:71B641D2D475632A6C16E67F1B4D39A6DD7503D38936EBEA96F7074418FC8B5F41BA2FECE0F25FF59FB44E1CA2CE1BBFE1F43E7ED7C996C9851EDC09E9C07AE7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......(...v.......................................................................................................................................2...>...........v...P............................I.......I.qk..B.....LZ4.......4...+.'_I...@.4...+.'_I...@.4....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............r>.....E.cG./.....N...^................f...2.I....<h.........f........................................I.qk..B.....LZ.............r>.....E.cG./..........r>.....E.cG./..........4.......4.......4...........................................4..j....4..T.]..4.......4...B..4..H....4....B..4....>.)4....J...................;........4...4...4.."..............4...4...4....z...y.. x.. ...........$........4......7...7........................;........4...4...4.........4.......4......#4..............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                      Entropy (8bit):3.630530841928535
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:iwQl6a+RLCKEqaedEG4IPEaEjKDc4Ip3b3H4I6J:mka+Rgq96O8reDUp3b3X
                                                                                                                                                                      MD5:B1A23CDB0663EB6C23885427D47BEF28
                                                                                                                                                                      SHA1:17EDA6E235A6741D890D990D98F7A230401402E8
                                                                                                                                                                      SHA-256:99998999F14F42A08987DE09F2078D1B13EEFC45AF46FA9880A4E664C791EDC9
                                                                                                                                                                      SHA-512:AA73BBB14A6E2E8C29E8AFA8972CBD24D6E3EB8C29097CFE2F6DA79A2D0A3C650395EB4460C552876659C56D893ABA1AD7853B644BB791C666BDB757BF9A37CC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.........................................................................................................?..................................................................8......................................$?.fD...j.+#..l+......l+5...E......I.."@..I..-P.m@..."@......G.......^,A....'.......".r'4 |.'.........................................................................:.......:..R...0.Sr9.Gs.U.....s.U?MrlO.b.q..2.......^...........<.......,........l+...:...?.'[.................T.r...l+T......?T)...s.UT.2..'[.T)V.......J.......".......m.......l+.....'....c..,0...e...B4.$...........GP..A..}.....J....................'.......'.......".r'4 |.............G.......^,...:..R...0.Sr9.G..:.>.......SX.E..4>...BD..MD..:vE.+..IBD......>...........H........G.......^,ABD..MD..:vE.+..I'[...dkE.$#...............0...........e....4.............."...P.r.o.j.e.c.t. .O.v.e.r.v.i.e.w.......B.^....F...r.QH.....(...........(..."...P.r.o.j.e.c.t. .O.v.e.r.v.i.e.w...j...P.a.g.e.L.o.c.I.D...L.o.c.V.e.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                      Entropy (8bit):4.58251970596317
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:++BGRAK0zYr4TL0yir+njRtLXLB+uT5G7aNyyvkAOm0X2bCNcXOdWdhrg7huu:++BGmK0zu4TL0yY+njR5XL005G+NyyM9
                                                                                                                                                                      MD5:C8CA007223FBBB0EA668400816BB75DC
                                                                                                                                                                      SHA1:91518B5BEB7FACB5128F070CB3111B0C5F0FDD5A
                                                                                                                                                                      SHA-256:B5D5BABA40BEB85B21ED77F1EE05F3C0EC28C7C8C78AF29ED71C067C245FDB85
                                                                                                                                                                      SHA-512:A27E54EB97275E530A060252BBB888C4FD8F075F1CF555FBDBB5BAFE935E391AED4C9EF0C709720BA706C9D11640EDA7A1E6E547C23E21E3FFAC98455AC9EE84
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....>...........v........@..( ..`J..........>...t...8...v........H..( ..PI..................................................................................>...........v........I..( ...I...............I.......I.qk..B.....LZ.[.......[.......f.7q.....q..+[...gDs....q..[.......f.7q...[...I.qk..B.....LZ.I............I.......I...................................................I.t.....I................................................................4..'...'.............Y..:!".$.Y..5.....N...^...............#Iy6G.rL...................J...............................4....I.qk..B.....LZ............Y..:!".$.Y..5...................................[.......[.......[............................................q(.6....q(.z....q ......q$......q ......q(.5....q ......q$.........[.3.[.8.[...z...y.. x.. ...........$........!..7!..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.3..............Z4...........................................4../4......p...............C.a.l.i.b.r.i.....
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):22203
                                                                                                                                                                      Entropy (8bit):6.977175130747846
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                                                                                                                                      MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                                                                                                                                      SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                                                                                                                                      SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                                                                                                                                      SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                      Entropy (8bit):3.963962053886136
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:rsG2seToWcXFCkeR/xh3QpoZ9cbUyN7rZlcarAE:QGIoW+F8R/ApojcbPRrZlcarAE
                                                                                                                                                                      MD5:DC80FF33C2CD0DAF7F3DB7DC701F3798
                                                                                                                                                                      SHA1:82AA3E04BE3D49FC6F15381A0C97ADA6527785B1
                                                                                                                                                                      SHA-256:05A419113171FBB68F6EE04D8221A371E83AB70B2033AEB34A70A06FDB985ACB
                                                                                                                                                                      SHA-512:74683CED12AC3361440B3EF3F31134D7F98AACFD37B8AB731120FC1E0E46C57D1DB7BDB42278C6E53A5C53A0224999C0946BA908C29B0E66A8FBE4815DFA7785
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v.......................................................................................................................................2...>.......Z...v...&............................I.......I.qk..B.....LZ..+.).....+..l..7.U....{..+..l..7.U....{..+..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............K~O*...\...P......N...^.................hoeT'L...r@...................................................I.qk..B.....LZ..............K~O*...\...P............K~O*...\...P.............+.......+.......+...........................................+j.h....+T).....+.......+..L....+H.]....+.......+..H....+..}.......Z4...........................................4../4......p...............C.a.l.i.b.r.i....................+...+...+..z...y.. x.. ...........$........4...!..7!..7.................+:..+F..+G..+..z...y.. x.. ...........$..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):52945
                                                                                                                                                                      Entropy (8bit):7.6490972666456765
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                                                      MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                                                      SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                                                      SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                                                      SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                      Entropy (8bit):3.5186902096052135
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:N0s8MgvP1dmxFX7Npg/XSxEQuvRtO0RLmruFDLG1GdIwr98NX2sF+D:NJ8j6FX7NuvCEvvRtFnQ1GdIa8NX3C
                                                                                                                                                                      MD5:BF40B0D4A9D85A340EFF2D34A714F4F1
                                                                                                                                                                      SHA1:43C46AC8302F0776A32121631A5C7519AA3551E9
                                                                                                                                                                      SHA-256:97D779157BF4EE94462B130DB2289246DE2EF46D655F50D22DFC76CCDB9B6B0B
                                                                                                                                                                      SHA-512:C5CB44B459396D5BB40EE04769E1A552EE6B9769C1BA22C008112CF7B99C8F8342B79D132E2880911833038DA379262C01693C8B4EAE68A362178EAE90B5518D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v.......................................................................................................................................2...>.......@...v................................I.......I.qk..B.....LZ.'U.9....'U/X4Y.-.D....'U/X4Y.-.D....'U..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............'.. D........'3%....N...^................yM+..^I.....q.............................................r....I.qk..B.....LZ............'.. D........'3%........'.. D........'3%..........'U......'U......'U..........................................'Uj.....'UT.H...'U......'U..\...'UH.....'U..3...'U..O...'U..........Z4...........................................4../4......p...............C.a.l.i.b.r.i...................'U..'U..'U..z...y.. x.. ...........$........4...!..7!..7................'U:.'UF.'U..z...y.. x.. ...........$......
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):25622
                                                                                                                                                                      Entropy (8bit):7.058784902089801
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                                                                                                                                      MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                                                                                                                                      SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                                                                                                                                      SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                                                                                                                                      SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                      Entropy (8bit):3.0947660094871723
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:a+tXFcVfFYeOKE/+BnSQHWvsRSvuCVf9iWt5HjdFr2Fk8:aqcVfFYcE/+BnXHWvsR0uCVf9iW7Hj
                                                                                                                                                                      MD5:D7DEF25EA334E0BB7B9FDFA153DE0D64
                                                                                                                                                                      SHA1:B3CCFB049937EE28748795029C81B84BADC720C7
                                                                                                                                                                      SHA-256:8021B33F1B97E2AB3E5596C9BB5B48610B15A00C9E4F9F66D03ADB1556121F60
                                                                                                                                                                      SHA-512:439D7D726096384D623B4E0BA9BC634CEAB78129A412C2D49F9840434DB4CC2A92CBDC1AD15E22742A7FDCA2275CBB6F1C1B2EA56A677F6A859B3B5BB35D48DC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v.......0 .../.......a.zx.!....8.............a.zx.!....8.........I.qk..B.....LZ................................2...>.......B...v........-..............v........-..8....................I.......I.qk..B.....LZ....T......w.F.........r...w.F.........r.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............a.zx.!....8........N...^..................ZD..M...wp.._.........................a.zx.!....8...............ZD..M...wp.._.............a.zx.!....8....................................................................................................j.e.....T.......................a..................... .H.......z.......R...................!..7......}.....W.i.n.g.d.i.n.g.s. .3.......................Z4...........................................4../4......p...............C.a.l.i.b.r.i.......................z... ..$..............
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):15740
                                                                                                                                                                      Entropy (8bit):6.0674556182683945
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                                                                                                                                      MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                                                                                                                                      SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                                                                                                                                      SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                                                                                                                                      SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                      Entropy (8bit):3.7749200032851826
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:9s34Fa0rqotintqSLX0vmuyRtESwyQeq1h+Ou4XYlZXL9i008ktGqEG:CoY0rq6It3j0euyRtQyvq+MXYl15i00/
                                                                                                                                                                      MD5:9CCBC64FED2AD5382E5F5B4F768E660D
                                                                                                                                                                      SHA1:4DCF550D7A6B543B6ECA7E4F180207FE832768FE
                                                                                                                                                                      SHA-256:6003A2F4AA8045109DCDC11D3A4EFAAD690C0A2BE54DD5D13405D60BE8EB1692
                                                                                                                                                                      SHA-512:586CB89DF28B90E729109F5D85780A4DC5DC66274DF24DF1F0C23C807AA1656025C32A7DD966178BBCA6D70B30A3AE6CCCAC2FC7C66BFBF30462A15709BDDC42
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...x.......v........ ..`!..2...>...........v.......@................................................................................................................................................I.......I.qk..B.....LZ.f..9....f.j3>...f.m#....f.j3>...f.m#....f...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............l..........k{P....N...^................&....H.z.G. x..................................................I.qk..B.....LZ.............l..........k{P..................................f.......f.......f...........................................f.j.....f.T.Q...f.......f...n...f.H.....f...9...f...V...f...........Z4...........................................4../4......p...............C.a.l.i.b.r.i...................f...f...f...z...y.. x.. ...........$........4...!..7!..7..............'.f.%.f...f...z...,4. ...........$>........4
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55804
                                                                                                                                                                      Entropy (8bit):7.433623355028275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                                                                                                                                      MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                                                                                                                                      SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                                                                                                                                      SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                                                                                                                                      SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                      Entropy (8bit):4.65314743622543
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:MsERvj8ZSfAFVYaoogqoaAYi+eOHeFPMqX3hZaBcNRtbsFydwCaLBM9yB/U4Cy/g:RQgZSfALY2gqoaSj+exMkBRtQFOwCaLq
                                                                                                                                                                      MD5:73625F2E8E2EDB33703BA233F50FE43E
                                                                                                                                                                      SHA1:FF36DA8DE6650BE75692DF8B7FE142AB2E7754CD
                                                                                                                                                                      SHA-256:AB6268113D7EC00E541263EC8A114C67666E34046E512D8402435117AF36D873
                                                                                                                                                                      SHA-512:F02F42F3A7AC592AD1A9187F6993D957731645ECCD088ABD55A14A25C9C5D0F509A21337CA562B29CF14C37ED42E060D70C02B93AB74E05B67A5CDA13E37320A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....>.......>...v.......0 ..h+......>...........v...Z...@...X*...........................................................................................................................................I.......I.qk..B.....LZ..................._|.............._|........I.qk..B.....LZ.I..s......H.~E.... s.............I.......I...................................................I.t.....I................................................................4..'...'...............v....E..s....n....N...^.................'.XK.J..d8u....................................................I.qk..B.....LZ..............v....E..s....n.............................................................................................s....|..s..(....s..(.z.....j.N.....T)................b..... .......'...8.....z...,4. ...."......$>........4.."..7......A.g.e.n.d.a.:.........................Z4...........................................4../4......p...............C.a.l.i.b.r.i...............................z...y.. x.. ..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):41893
                                                                                                                                                                      Entropy (8bit):7.52654558351485
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                                                      MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                                                      SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                                                      SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                                                      SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                      Entropy (8bit):4.583117307455433
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:XsapwRQ/ClPXhF9gQ/msfdU1bLyXxvGBOHQqYX8Ly/kKRtnx/9nClskI9On:cap1iPXhHp/myU1KBvGB+QVP3Rtp9nCp
                                                                                                                                                                      MD5:A9DE94412FF9C01F5B833163C7DDF304
                                                                                                                                                                      SHA1:93CF81BE83430AA5EAD2FEC4260599C86FDDCC0E
                                                                                                                                                                      SHA-256:069DD304DB90D773336B2AA2087E17B13B63F730A8F16FF4A0D149B6478E2587
                                                                                                                                                                      SHA-512:07368DD31A517E70A28B197FC1EB80D6CAE077C43193B12EAAB854B21BBAB24AC7AE961BD2350289F0B8D2FBE8928A6DB7E384DE0D8B13E9193D78CE6523BACD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......,...v....... .. +..2...>.......|...v...H...@....*...........................................................................................................................................I.......I.qk..B.....LZv.L.G...v.L.....)...|S.v.L.....)...|S.v.L..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............A\.XM..*^;F&(/T....N...^...............t.uP...M.:{.S...........V...x....................................I.qk..B.....LZ............A\.XM..*^;F&(/T.................................v.L.....v.L.....v.L.........................................v.Lj.A..v.LT....v.L.....v.L..r..v.L.....v.L .7..v.L.....v.L .........Z4...........................................4../4......p...............C.a.l.i.b.r.i..................v.L.v.L.v.L..z...y.. x.. ...........$........4...!..7!..7...............v.L;v.L.v.L..z...y.. x.. ...........$......
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):14177
                                                                                                                                                                      Entropy (8bit):5.705782002886174
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                                                      MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                                                      SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                                                      SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                                                      SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):49152
                                                                                                                                                                      Entropy (8bit):4.643580412483197
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:r+fVeg3B5XNDuV3z1km/VfjTvPbL1VB0uWOPBi832KNkbR1zEQ4v8cJFXMR3J66T:EXNTihx9hX+nrS2GDf3KjH
                                                                                                                                                                      MD5:1DD427741F72FC5A72C6CF0DCFD07897
                                                                                                                                                                      SHA1:70F7FA1D9A86E81E3403C09A3EF153E5749AA6E2
                                                                                                                                                                      SHA-256:2D84A1F440DF2C1CF6DFAB100FA8F85CE1B15BF5543B0EA1841C64A5C2A00C98
                                                                                                                                                                      SHA-512:189F26AC1CA6DB3447346160DB748FA3F175BB07B52BEC165FA3D6A2C45E8094FBA4C4809EA2F382171C814AF2AC180E06E1023108365B585DA8BD123DDBA78A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....j...&&.......%..>&..(... ...@.. `..............j....%.......%..Z&..X... ...@.. `.....................................................................j....%.......%.......... ...@.. `..8........C.......C......g L....WA......WA..9..H... .Y....#z.V....n.u.Q..#.......Y.0>............yO..............y..........C(......C(..................................................!..T.....[.T.-..L..T....D..T$......T#7.....T#B.... T.^..w.!T.............0...........e....4........................u.^s.Q.@.).~b.......(...@kO.....(..."...P.l.a.i.n. .a.n.d. .S.i.m.p.l.e...j...P.a.g.e.L.o.c.I.D...L.o.c.V.e.r...P.a.g.e.V.e.r.C.o.m.m.e.n.t...P.a.g.e.O.v.e.r.i.d.e...P.a.g.e.N.a.m.e...2...0.0.0.5.2...1.....0...U.n.t.i.t.l.e.d. .p.a.g.e...........!.......!....C...|_'.QN*.....QN*t?FpN...(..f.2...T............................C...[..D...WA..n...UN..l............w.!.....F...c..,0...e...B4.$........{p.....G...^...?@kO...................`.......Z....(`...`..V?p....0.p(S.`...gm..D...!z.[a_L.gm......>...>...
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.370111144737631
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:0scUoJIbgE8SXxt9RriRAojF2TLiOF9uo:0scUoJ098SXxt9xiRAojF23iOFIo
                                                                                                                                                                      MD5:487A6A54D13D3EFB40B485B8AA4358CA
                                                                                                                                                                      SHA1:5B8964D3C86E9C1E145B07F48FC720D90567E388
                                                                                                                                                                      SHA-256:7A30DD69272B03615781D5482612DE8058C9444E567E9F33827AA8E692D79FC1
                                                                                                                                                                      SHA-512:2390F60844A444DB8F65FF7D475E867964F7878A307E3489FEB4A835A524BF788C99E01BD84BFAE6796F4824C1CEBF4651620C5017021DE535072855321D3384
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ_JN....._JNpQ.Q....P..._JNpQ.Q....P..._JN..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............U...S.....m.Jd....N...^...............o..Y.H.O....... ........f........................................I.qk..B.....LZ............U...S.....m.Jd........U...S.....m.Jd........._JN....._JN....._JN........................................._JNj...._JNT.].._JN....._JN..B.._JNH...._JN..B.._JN..>.)_JN..J...................;........4...4...4..".............._JN._JN._JN..z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4........._JN....._JN....#_JN............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12654
                                                                                                                                                                      Entropy (8bit):7.745439197485533
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:JheN2cq6MLu6MLGu54cHeNzhcmhcDu53eNE3UPkhrxvu:Ji2Wix7fzVsbE3Zm
                                                                                                                                                                      MD5:4BCCCDBB4273ECEBE216C84930A8D0B2
                                                                                                                                                                      SHA1:FFBF617787E27BC94D9BAF89F2FE34A2BD42794B
                                                                                                                                                                      SHA-256:474F9A8C25D5E21192315397EA995B1E11E2C1608157C6E0277688091BFD136A
                                                                                                                                                                      SHA-512:DAD73A8C0E293B88685C0C71EF15E0DC95EE39B7FC9F849DE5D634173FD9FA0AF0AA96742D9E94BE03556AA4A817D5001C95A6736EAD5D5DF03661876785EB74
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....C....................................................................C.......................................................................i..............................................E.....................U....V...f..ASTc.......de.1Qq...!Rb....Ca."r.................................B....................b....Ra.....!Qc.....AS.1U.."C...2Bq...$#3%&.............?......3.....~......:..g..s"......:..g..s"..ic..Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. ..0...Q_..X..V5E~..c..X...@u...cTW...0...Q_..;.m.....@w...Q.+....*.4W...lUFh....v..._..wn...dW....y._..v..E~...*...@wn...dW....y._...v..U..@wn...d..{`;.|U.2g...*.3...:.0?ViN.z.@w...4.M.:m..`~..i7...q...I....J.`l...W..n..PQTiB...6....+..sj.*."...6....+..WA...x..A........(.N6`..AD.q.....'S...t.Q:.l.......f.]..N..0.. .u8..A........_W..Y...}.C...~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~.v..?U..^.r..}..Bep
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.363896538766061
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:3d2s0JSXE+p6xEataMEp8KpWXguW9pthcXTBrdhSrHAV6UjNtX83619NR36OCG:3d2sP16xplEpfpWXJW9pXc9RAYbNt
                                                                                                                                                                      MD5:93A738EB0D23B34F0707D9131A8B615B
                                                                                                                                                                      SHA1:0A40192AD04A99375085C7494B3C7FBF04A9A622
                                                                                                                                                                      SHA-256:244D034A6C706ACA859935286E98F29E85F36D0C7D2E5D1172282F83C4CAA811
                                                                                                                                                                      SHA-512:79C958F0A5DAB19EF8554A18E42D2F60AF72BFE9E8A103221DBC4C538DEBA57ACDE8AEDE1D17A69EBE8F5020AC8F8BAC05A09C35362D9B0B7A75184327EA7BAE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ/U....../U..e........{./U..e........{./U...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............j.0M`...2...A.......N...^...............:..b\u"O..".............f........................................I.qk..B.....LZ............j.0M`...2...A...........j.0M`...2...A............/U....../U....../U........................................../U.j..../U.T.]../U....../U...B../U.H..../U...B../U...>.)/U...J...................;........4...4...4.."............../U../U../U...z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4........./U....../U.....#/U.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2695
                                                                                                                                                                      Entropy (8bit):7.434963358385164
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:N9YMsguOZgKAz2vcaQU4R8r4BU0/Rc4nbIQdsohw13ZmFLY6KsVvMdBL2mr:/hsEgNz2v5T/rQC67SoWniHK4EdBH
                                                                                                                                                                      MD5:B23DE98D5B4AFC269ED7EBFDDECE9716
                                                                                                                                                                      SHA1:10AF507A8079293A9AE0E3B96CF63A949B4588AA
                                                                                                                                                                      SHA-256:646586CB71742A2369A529876B41AF6A472C35CC508D1AE5D8395D55784814F2
                                                                                                                                                                      SHA-512:BBACBE205EC0A4F4E3AB7E2B1DEE36FCF087DDF77C7D18B53AEA4B15984A47C64E19F9B8D8FA568620619CEA0361D94FE7ABEA6E502EC6ECAEFE957F42ED7EE8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......M....".......................................,.......................1....!ABQRq.2a."CbS.......................................................Qa1A............?....{............i........l..-D.q.~..|cS.S...R\..d.8,!.....]f$....Q..di.;~5......vj......MqCe..=.*.f^..=.}.Cm]qCd..s=..u.e..v..t'.,.....S.s..N...>.d4'.,..k...N...d..9....G...y....6J.Y.l.{Vf...^B..i.3.z....:5W#4@.S\fj.%..Mb.5.v.5......S.E..#.v.I.....I......m..H....D..|.Y|...W.Wf..o..U.0.E..@.T.....................................'.S../...Z......!J..1K..rI...T.f.>.+.N..o.....\..^u........e..q.qK.GXP..-...F8".;5J...]Y......j.a.,R.......J.N........z}<qu..J.)`.}X:..}.............B...[. ......,B.).b.......(Y.O....c\.o.e&.W.#Bo..N|..N8.#J.>1D.1..b.&....q.#..UT%,.d.....m&..^...VXA..b.nbTV~.....^........q..#./.I..=Q..=..Y.*.Ib...VZ+......Y.........'.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.318497930089572
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:ZHysA9qX0FucREBtOoE/Eg6XaZ9hxxclrdhSrHftXAY9hNH9:xys9euGC5E/p6XY9h3IRA/Z
                                                                                                                                                                      MD5:C74A136A7901EFD3765D844780D6A275
                                                                                                                                                                      SHA1:03E4BF6EC2435B09B49BC0DB874C92E153308BB2
                                                                                                                                                                      SHA-256:2AF2721AAA6DE49E73EE68BC8A56104497D5E03051447EB5F0753A99E9D69BCB
                                                                                                                                                                      SHA-512:1ADE14B4F64846BC3E062F0F9FFC8DC38D98249602ED272D5F8D49E796F5CFB1780A595D8D5B7A347B49A2BC1A5EA3491D030589BD68D2BA337B5D591D60B921
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.`.......`..t.......w.x.`..t.......w.x.`...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............0..A,4..5..J"......N...^.................L.F..D.LTaW..(........f........................................I.qk..B.....LZ............0..A,4..5..J"..........0..A,4..5..J"............`.......`.......`...........................................`.j.....`.T.]...`.......`...B...`.H.....`...B...`...>.).`...J...................;........4...4...4.."...............`...`...`...z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4..........`.......`.....#.`.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):11040
                                                                                                                                                                      Entropy (8bit):7.929583162638891
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:u99+91V42ho91V42ho91V42ho91V4235z9pUkDCyixxo4PS6b8tEy3BcWWhhSy0b:ubKD4/D4/D4/D4uzX38u4PNYJ2zhhmb
                                                                                                                                                                      MD5:02775A1E41CF53AC771D820003903913
                                                                                                                                                                      SHA1:2951A94A05ECF65E86D44C3C663B9B44BAD2BC9D
                                                                                                                                                                      SHA-256:83245F217DEAE4A4143B565E13C045DBB32A9063E8C6B2E43BB15CD76C5F9219
                                                                                                                                                                      SHA-512:5A1FCC24BDD5EE16BC2C9BACF45BCECF35ED895EAC22D2C4EE99C1B7E79C8E8B9E5186E3D026BA08FF70E08113F0A88FBF5E61C57AF4F3EA9BA80CE9F33410E9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....C....................................................................C.......................................................................v.E.............................................S..........................Aa..!12Qqw.....3568rv........".....4Btu.....#Rs.(W..bg.................................D.....................1..2.!4Aqrs....Qa......t..."3BRb....#.$S.Cc..............?...K/h._+.N6.-.a...5...;.r....,...0B.s(..zp..4.%r|q..E.Q^.../...C.R..?u.q8XN.>.e..:..gJ...._.n>.70G,..(........3b.&.5m...Q../...7Ie..k....e.l6..&..`Gt.P.Y^r...=..Y.e...N.B...O.#..J+........u.V;G.'.....V.]8..C.]..........E.....c..w&lX..f..\T.J?...F.,..m|..93........,.....+.R..WG...%.....(@.....p].iEz<.8.^...J.h.....a8P.1......(z..y~.........H.Z^.>..<.....L.k..IG...R.(.%..m....&u...B|.....@]ey.W.J...!d..R.8...[..>8....(.G......!.)X.....,'..F2.Z.t..Aw./..Z..#..i.kK.......b.i...qR.(....RE.............O.XP.#..(...9J..]...,.2.[w....KrW'...tY.......{~.:.+..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.486667250871125
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Cs9t3AIp24e0y4vtUEP3F7FLX2L9Stc1rdHr4ox2tX5pFIh/exUSn:Csj04ev4vWEP3FtXC9StIRL4ZBu9exU
                                                                                                                                                                      MD5:F8A6461F76D1A51BB5E82362877C0D24
                                                                                                                                                                      SHA1:959003DCF40D5EC51F87A2BE4E2C1BAB8C6312B0
                                                                                                                                                                      SHA-256:0664260C297963B3C812DF7A3C42AB3A15CB36D4C1935A7C3CB540891B766FBF
                                                                                                                                                                      SHA-512:A0A106AD95AC27A46ECB079A94A833FDD10AD083436B2DBABC1F55A29EA17405C1DA9D276CA22D296BA872715DB5E8C82B35FCD41DFD02E102A2FC6C55F337B8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......p...v...d.....................................................?....?........................................................................2...>...L.......v................................I.......I.qk..B.....LZ.4.......4.Cd+......a.d..4.Cd+......a.d..4...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................~q..<._3........N...^.................[M...K..eX.y.U........Z................................... ....I.qk..B.....LZ...............~q..<._3...............~q..<._3..............4.......4.......4...........................................4.j.....4.T%c...4.......4..G...4...H...4...>...4.......4. .3...................;........4...4...4.."...............4...4...4...z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4..........4.......4.....#.4.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2268
                                                                                                                                                                      Entropy (8bit):7.384274251000273
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:N9YMn9H5gXlM26vroVXWxyNnl1LmLR+rn4FOeewGhDbby:/h9SlMdgm09ll8R2/rby
                                                                                                                                                                      MD5:09A7AE94AA8E517298A9618A13D6E0E2
                                                                                                                                                                      SHA1:FA5181A7414BA32F816BF0C4278EC20C615E8B1A
                                                                                                                                                                      SHA-256:3C68C7EE798E62A4A99C740153F3980D7DF029605C843410942C7F85E794823B
                                                                                                                                                                      SHA-512:074E9A2BE2039D0AFEAD360157550B934FABD0CB86B5AF476C1FBC885EE60331F5A68EAF70BF76E23C8248A20FB900346839F4AA8892370B5889E64948DCC6E2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222........i..".......................................3......................!.A..1Q."q.2BRa.b...#$................................... .......................!12AqQ.............?..D.z.4....;.....7...3.t<!..d.O.....+O+.;.z6.4cz7E.........U.Z)-..@..y...........}(W...<.xv/...5.ew......yN....n.Tk.Tm.Ty.vA=...T..U....h...e.8.5%....'......e^......L.g.$.~e..O.._...... .F`.....xnL.<.......]jfv...}..\G..c.......-%...#.C.|.].`..^..W..c..B..5D.QSTaZ.5A=....BU..z%.4.h.6..=..U...W.$..l...7.:...........IPQT_...~..i..x....~.l.|.n.J..TV.21.Tg.....................j.z!+.-............"j.j...)*..TT...."....T.Tc.**j..............j.z!*.h...&.&.&..e.%..TksTW%G.?".l+$..c._9..[x...TU..........i~X..#'.qm?ttO.....}*.i...q.....9..r..?..W..d.w...f;..q...tZh..0.....2.......OD%Q-.......$......56.K.O...y._..*_C.k..p9.p..O..vu...'........0v
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):784
                                                                                                                                                                      Entropy (8bit):6.962539208465222
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:869YM8fij0W/xfuCp7ovv1bidiMn3bGi6AETQcdH8SADjoZgV6v9jUEvS3/g:N9YMWeI424diMn3yinsQeHvADu9QEvJ
                                                                                                                                                                      MD5:14105A831FE32590E52C2E2E41879624
                                                                                                                                                                      SHA1:078FA63FC7DB5830E9059DF02D56882240429D90
                                                                                                                                                                      SHA-256:D0A3A1C3CD63C4023FE5716CBE2C211307D0E277E444D9EF76C7FC097A845FD4
                                                                                                                                                                      SHA-512:8FC0ED24E8EC14C46EA523D9265DE28F85C5FC57AA54AD5B9CA162E95F79221E2AD3DD67D1293CF756B67F3D3DECAE122254134EA8D4D00DDED02114B5383947
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......a.L..".......................................-........................!A."1.Qbq....2Ba.........................................................1............?.....3.Ty\......vs....>.>..a.W..s89.d...Z}......rz...`...Z.r.do....u.W.%....gf.>.L..xz....B8=w...g.~g."HD...$..IKJ......nn..*ly..I....L...\q...Q;6.KrxZ.,...j$..ZQ..)f...q`.*..C1..cZ2]-..\.~..J.....^..(.f..9m?..C.NI.UL..X.fy.Z.........+n....r."Z...d..R./\.#...kd.D.5.!...h.3*s-+.......Xjt..}i..rK..y.../>u..]N.....Y..J......1.x./.....F6.......I...._3...k.sM.+..v;.%|.f.~.......:y....S....UKovh...W'........lF... .................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                      Entropy (8bit):2.7237107534248417
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:1sfhFuJoavjPLXD9RSsvRCzEARo2ovoIo1o2ovo3o:qiaarbRwuRCwARXahIX+W
                                                                                                                                                                      MD5:2871E296D8EEB9DB9E2A19DC6349BB00
                                                                                                                                                                      SHA1:7031C112306C2784127070169D08F69343561E4D
                                                                                                                                                                      SHA-256:3278E676110EE01CAE71DD0A6611B9884CA719A495BEE0CB83DEED7B6930232D
                                                                                                                                                                      SHA-512:FF4CAFBE00BF84E7AE4B8AEC9AC1B1CE2CB5004AEC83EF9EEB739B308FF7B00E82D08D233F3B20642BC68F1FEA5DA86959DCC177E1A1700637CEE77856EE63C2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v.......................................................................................................................................2...>...........v................................I.......I.qk..B.....LZ..,.......,EZ.$.<.!b.u....,EZ.$.<.!b.u....,..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............o...f...kT(8b.....N...^...............f`.=;..M..iWM.J!............................................^....I.qk..B.....LZ.............o...f...kT(8b..........o...f...kT(8b............,.......,.......,...........................................,j......,T.l....,.......,..Q....,..Q....,..>....,......., .3...................;........4...4...4.."................,...,...,..z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4...........,.......,....#..,............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3009
                                                                                                                                                                      Entropy (8bit):7.493528353751471
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:aRCTf+0hagMrbAZMJShPdvF/5OzlQFlDF7npkDdWvVBTEnBLT6NrgCX0:D+0YgMrApL553JtEdEVcL2NcX
                                                                                                                                                                      MD5:D9BD80D40B458EDB2A318F639561579A
                                                                                                                                                                      SHA1:83BA01519F3C7C1525C2EA4C2D9B40F28B2F2E5E
                                                                                                                                                                      SHA-256:509A6945FACFB3DDC7BE6EE8B82797AD0C72DB5755486EE878125A959CC09B59
                                                                                                                                                                      SHA-512:C368499667028180A922DD015980C29865AEF4A890C83E87AE29F6A27DC323DD729E6FB1C34A2168A148E6A7A972F65A5FC8ACE6981AF1D4E7057D99681CB366
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666........_.........................................:.......................r.!12BQ...3Aaq.."CRb.....#4$c.S.....................................................1A............?..p..-.....u0$.......l......)..o.FTd..DG....... .t*e..jO..Z.U......r..j.O.,..VD./.....V5D.&......A..Zi....E.N....*..........#..M<|.2.Y.../QO.x.cTM4......+.F;V.x.de*....]e..O.x.c\Y........r..j.O.,..T...hw..k.^.[B..J.sEl.w.x.m.5%zzt0..T.......b..<\.3Q..W</..!.xh6..Z..\.+M.o.Y..1............#.........|.a.l.KR>..U......e....@...\.1Z...Y...[....F.6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....Uh....FkYm.m`P...W .V.g..FjVj.\..1Q6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2266
                                                                                                                                                                      Entropy (8bit):5.563021222358941
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:TuRCTP9rSTfIEe1HbcVY1YbDXq8eCI0bf2QQe0GVDQAzZw:aRCTN7HbcW1YbDXq+I07Ien0AVw
                                                                                                                                                                      MD5:DB8A181E3F0EAD4A9472099E42ED6BE3
                                                                                                                                                                      SHA1:92096AF05CC6167B1AA816811A1160B809393FA2
                                                                                                                                                                      SHA-256:E9746B4E9AE9CE7B3B0068779DB3E113E2DFC9880F25373D745D0E700E69A906
                                                                                                                                                                      SHA-512:A9E246E10E28D057090BA9F034ECE6131780D7F794C5C9421523388997C7EDFBB49BC32B863B6C6668911B359C304AA54969B48CB9234950D5CECD2A6F3EFFF8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666......r...........................................5.......................!1AQ..2a...."Rq..#3BSr..C..................................................................?...X.....U...j...F.W.V]'KV.uWt.iT...{.......`.(.....V%..=.....z......V..ct+.U.B...@.............................................{.....5.........0...x4....c..;...........+......|.7E.%.9.1+}..d.........+.V#.P.HUL.E...g.li...8.>U.";0pi.]5.\..zo..."@.........................................y.6.mLN..S.....@...i..A..p.......~|V9.+.Xy.........+,L.....7Z7..p...-X...\.....:-...i....v.1...-..H....9.zk....l....^.......:.."^.t.Q.F...X..B..$............................................a.%f&3..1.5+.X..'b7bwr.).e.x....!...H...aa_..kD...b..g..p..K^.k..qX.[,.........Q...U..x...YMvj...w..:k.....j.W.8..4....c.u.}m.....o.=@.......j.S.t.|.....5h.y.%.~...G
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.347001807926231
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YuWsgm1v91stj6Cg/5EgpXIOR+9qb66oMSrdQqrqFtl7BX51kEd:YRsgE91sBNg5EoXp+9qb66ERQyw7P
                                                                                                                                                                      MD5:02AEF36D174FAB5D113E989E8EE0D739
                                                                                                                                                                      SHA1:D7EC09517514BE8CC29B13A98CEC9003F3B738F1
                                                                                                                                                                      SHA-256:8F782110055CC0311AE0748CD219200B03F1F5FBB9F3DF7E44CD403C4FF10B9E
                                                                                                                                                                      SHA-512:9C80E2E340FEFBF1E73D4FA6426641B6D7D0E1D53C089B5373BDC9D5F0E82908C5F34FE5060C8FE536EC61A8D22EA1A363493221B32E6BA2C1DB9FC48EE9D419
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ|.......|...U...+%.Y..fM|...U...+%.Y..fM|....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............n.5..d...72.C..S....N...^...................W-.@..`............f........................................I.qk..B.....LZ............n.5..d...72.C..S........n.5..d...72.C..S.........|.......|.......|...........................................|..j....|..T.]..|.......|...B..|..H....|....B..|....>.)|....J...................;........4...4...4.."..............|...|...|....z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........|.......|......#|..............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):99293
                                                                                                                                                                      Entropy (8bit):7.9690121496708555
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:Moq1jVORV5NO5xLCBaaNk4vhpCr1CH/DATOQlWvHMHojiaAMrxArLFRZPj19AWFz:eVEbouBaIk4T8uDGOQlVHvaAMkhDh95V
                                                                                                                                                                      MD5:EA45266A770EEA27A24A5BB3BE688B14
                                                                                                                                                                      SHA1:9F0B23B3C8EBA4FC3C521E875EF876FBE018F3C8
                                                                                                                                                                      SHA-256:EDAD0F03E6FF99FEF9EF8E8B834CE74F26CD23C5F8C067F5CEE66F304181E64D
                                                                                                                                                                      SHA-512:D4EE36BDA897BBD643A699A0332DD00DE9CDCC6F46D861789BAD259A4BF87868AE3B4CFAAB6DFAF29941C7055B77A95D76BAA86A4A0DB2BF3BAF7E3317F03EB9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...-...c............sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..[Oh\E...y3kv........`.%m.R..6.1.4).o..Ki...D.......P!.].=..K...C[....f.}o7VPJIg...{3.|....d.....i..=.4.u0...n y......@j..Q..f)..mQ...4-SJ..9.d.?..5\-....:b.W..i...c.5..{..pj#.....B1C/.I.......].Su.k?.2..:.9Q...5.U...UZ...e..U.c],..2.}...1..)W./..Epr.Zt.....K.=..{......e..."...v..B.4.#....A.V1.".V}t..[..2f..Y..V9.".6.......(..gbm.P.....Y%2.c.z.:Q.2.<tYF.....u.@..KJ.;u.q:.].....$.....V....Hqk..DW.l.e.j.Z.YP?:'R..*.<........6...m@..r..j2..HK"|..L.Nc..D..y.9..B4$.......`.3.m1LE....7(OU\+./.O...%6T..w......h....).I.&n...*......#..W.41...5.#.`..I...<.?.|..*+Q.....#i........$,..n...`.s....[..E. T.w..j.,&-.r..;a....#.>(.P......f...MU\3*..;B....)..5....z..(....-...a.....}y.l..E...z>......&..g.$.....*T...N....E:./.>..#...^..E.0..%......(..@..W.X.NDM.<~.]A.>..fW.O.y.'...Z...h..).F..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.356253799986585
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YuB0smmHMgDm8utw3hEVpyYPpXYVp9FkpotrdQqr+VBXZFDEZKB:YlsmBgDduwEPzxXYb9ipsRQySp0K
                                                                                                                                                                      MD5:D8E89406AC323362E5C3746FD03B9179
                                                                                                                                                                      SHA1:618676C4D0DDFB4E331334A9D4B2A54F5C02C9E8
                                                                                                                                                                      SHA-256:4062EFDF1614A953256481B179B864F0B9EC6FBB14E98F10CE67CAC61B0B4959
                                                                                                                                                                      SHA-512:C81EF49078D4218CDF03DD6D3C8E6189CBFAC6A35D1215CB8FBA3E9F7E36120907B96C893C987821121C95AFFE340E371C1BB8D89F12C63FDFECD3E4D89F3526
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ.6.......6..'...2.V......6..'...2.V......6...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............*....t.&......Y....N...^...............V)A..e@..#............f........................................I.qk..B.....LZ............*....t.&......Y........*....t.&......Y..........6.......6.......6...........................................6.j.....6.T.]...6.......6...B...6.H.....6...B...6...>.).6...J...................;........4...4...4.."...............6...6...6...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........6.......6.....#.6.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2898
                                                                                                                                                                      Entropy (8bit):7.551512280854713
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:N9YMTXc4gpw+EIWnqQ5G+NE9VTzRFvS4+Xh+AKrNx+JuCluc3Eeky8etajhDCFex:/hDc4rPIoNEzbS4+XhOrGJu1cUHeoVey
                                                                                                                                                                      MD5:7C7D9922101488124D2E4666709198AC
                                                                                                                                                                      SHA1:00CC44A1B84D4D94A0ACE8834491EB5F65D04619
                                                                                                                                                                      SHA-256:20016E5FA1A32DCE5AF4E92872597E36432185A7BB2E61C91F362BD68484529B
                                                                                                                                                                      SHA-512:882944B2CF040485899128E03B7499C540D481E45FE8017DBF4FE0330157B2D8ABB7334DDB31C112BA0EFE3722A554883917C54155A7F60044D2D7F3D848260F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......k....".......................................2...........................c.....TUb...Sa...QRqr..............................!.....................Q...R..!..............?...$.)m.1...%%bV.J..H....-.%a[...I"WJ..:.X.:TT.$.......N.-NR.E..-NR.E...9..E....$.k.....B.I,I)..J...kr..+)..I,Yj..YbI..+,J..e..Z..V.e.$V..TV.X..V.YQZ.EQ..U%PY[.[.R.EP............................| F.. ...j*...!m.!j.I%.j.$...YeEYYEEUE..eY[.hEEUeEil.....%..el...V..TUYA.U.UTTUT.Z..UQQUQE...V.,...UlE.U[.lEP.P.@......................................R1...AR1m.....#..$:.T.p..IJ.t.....A..AH.,5..]F!a.XJFaa. ..a.!*.aa. X.e.......bB.b..,HX[,!..,,.c0.,..U..X..(,,...B(.,..4..B.`..".a..-......"...........................>D..IKEb...t.....)u.....)K.%+L\.J]i)*b.JR.IIL\i)u....T............T.....qs.it.iJ...])ZJb.....X....U.A...V1..B.R1....X...,.c...,%X...,%#0...,H
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.357360334907284
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:m9soZkmPFitb2TJESh7qXh92OJoVrdQqrRWnxpqFBXSXUrFzMg:m9s5mtic9ESh+Xh9hURQyRSqFZM
                                                                                                                                                                      MD5:56CE930BCF07F04414EA5368C74E724A
                                                                                                                                                                      SHA1:6F10B6769B9518FD182F5E8D1EA7C8EBEAB932A2
                                                                                                                                                                      SHA-256:26B013F114F95D58669AEF07535DDEE00F71F9D1E3A4E087FB85BD225284DAE4
                                                                                                                                                                      SHA-512:DBE91573EFF046B8A1B2FC9EA67C436D190292992592D639D661CCE108CE0AEEBC58606A5F6D29E878BBCCCC4740AF935178A8AE56DBD124548CB3BDEAB633E7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ..................l._.x..........l._.x.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............Rj...)+...'y.._.....N...^...............&...=fXK....H.........f........................................I.qk..B.....LZ............Rj...)+...'y.._.........Rj...)+...'y.._.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):29187
                                                                                                                                                                      Entropy (8bit):7.971308326749753
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:RwjBOlCk+nYnGagKJWJhwMJiRO22ZIm4VXvXx1tA6BQs:i8snY3JW7uROlEfbtVL
                                                                                                                                                                      MD5:DF99CAAAB9A7DE97B63343E60A699AB6
                                                                                                                                                                      SHA1:B84334135CFB73BC6EF55F85926770D5AC6DFEA8
                                                                                                                                                                      SHA-256:74C131777E7C437FD654427417097BC01B0813BA8E1E50E4B937BD50A1BEBCDB
                                                                                                                                                                      SHA-512:5D15AAAA8B71DDFE01A7C0ADE16D9E1F5E9AAE484BCD711B38CCB103ED9564CAAC23A0031471167B660E15972D70179C2A387509B213C05D60261042A0456025
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....C....................................................................C.........................................................................e..............................................`.............................!1Qq...2ARa..."#.....3BSbr...$4C...Tcs......%&DUd...E....56Fe....................................H........................!1Qa..Aq..."b....2R...BSr..#...3..Cc....$%4...............?...b.d.8T1.;#.S.DO...~.R.......3.xe...z.6..."m..k...;*.'.f.5^.....m..<$....8.R.j.D.v..>...*dT..vGbt...I......sEWp.r3.. ..G...6.....w...l.S..q...b.....-R....^Zu5+u6...A..Z].:...5..Uzn.,l.L.....?%.*.S.+zVg7.=.s.Q.....8..:,c.......ZE...>'IF..W.0.d.......c.e.d.V.t..S$.DNR.[....g..#i.$. .U.SK2.....k...J5u u\R.....T.[4..A.O..,.T..................] .i...B.m.^f....._...{S.....<......:..|D...+...NA....Y.^f.1|..%K~1..B..^...S..v=.c..g.tX[..kTJ..t.gr....R..@.F....5j..2.K.9..g.1N.....*.U...^w......>+.l.v...@N....%Qd...t.Ni.....0;lggm...K".+!.,.....[J...>..?f.]._;
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.364550872435837
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:EsFiRyqczf+tisqXEYYOt7I1Xcn9AQyNozBrdQqrA1czTCBXTk91qjIdXBPd:Eshzf+EVEYY60XQ9eWBRQyvuo
                                                                                                                                                                      MD5:9B135481069F6674F0A43AF0E6BCFD34
                                                                                                                                                                      SHA1:BB140869D7094F5FB2B8EDDF2E589A0B6BC9E582
                                                                                                                                                                      SHA-256:0B751A865CBB8C708CDE65009569188169BFEE0EA650D4298293A5A33745A35F
                                                                                                                                                                      SHA-512:C64D4A822BF704BC95687A9E3F6FD40B91D437AF65AB9E431666B24EAC8A1DF3EB5986B9199BFD7E5862E8FAF0CBDDC6D1B4E46DA10AA67915D7FED988F6CAE1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZI.......I..P.;..5.2=...I..P.;..5.2=...I....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................V.....ugP.......N...^................]U.w.N.[..Y.v........f........................................I.qk..B.....LZ................V.....ugP...............V.....ugP............I.......I.......I...........................................I..j....I..T.]..I.......I...B..I..H....I....B..I....>.)I....J...................;........4...4...4.."..............I...I...I....z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........I.......I......#I..............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4819
                                                                                                                                                                      Entropy (8bit):7.874649683222419
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:/hnQiz+ET2/hDi+tv34VtpWfowTHgegb6hhLT1NTS:5nQ6TAhLtvIzMvbi6hhF0
                                                                                                                                                                      MD5:5D6C1F361BC04403555BE945E28E53FC
                                                                                                                                                                      SHA1:00C254F7B3BC0289590C2BBDBB39C8EC2E2B2821
                                                                                                                                                                      SHA-256:131D637CDC5D0B094FB9FAD17F4D2A1ACE0D03613588155AACAA2D1CB4E16DA9
                                                                                                                                                                      SHA-512:34D2C0929FCC3CC10D0A2121BD55BFA9A07062C2A7B8F101071164C946895DBCB2777641E79DE4193D57A3F0778DD4F1351FAF333B7E4B4DBE31A32DD69C51F9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................<........................!1..AQaq"...2B...#Rb..r..$3CS.cs..................................................!1A............?.............u....p.p($.Y...9,j...V.*..S86yh.G.#m.5..9...6Y.."C.R:.[..-.7U3c:..].;.....f.?%..<T...&F.Lh.N...m]..x.D.g<B.....k..S........>j.K....#U..Z....<e.:..8....o..xq.[..4v..U..y...k... k....A#..A...pn.jJ.I.7:..{.b..ns.t,...8.Td.I....m.I.5Z.).-.. ]..X.Do%.....?..4jV.`llt.E...5...u.|..\F.=.F.r<...5dV....xc.%..&...4,...f...3..H.<......eQ...P.J....7...lLc..?..-.fR..7.#.6.......}:.]'.ny..........e;u.Y..$0...i..-....f..9(....}..T,.Inb...+=Cca7....WULA1@.s...4uY5.N.f.c..].ks.....3v..~..k..m)...f gNE`S......#.....Z..6.uc.m...#k.s.f*.l.$6..?..xC.Cm.`...N2..&H...._.&.E...[....f.Z./...!.a{K..#.V.5..v.B....1...9..B.&....%s.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.3625200785982345
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:msvh+KAad11AmtMM9EnV5HZXjLufo9+To9rdQqra3IIf7BXtEGkfKpaV9:msQJaf1AmDEVtZX19scRQywIGyf
                                                                                                                                                                      MD5:36025D79D31D15758DF5631125C0F2F1
                                                                                                                                                                      SHA1:D2B0C6D2A1E9DC2B465E981950C79FFADF056B65
                                                                                                                                                                      SHA-256:723A517DF6B53BA98D578149528F7469B2E54E509906263B1282034D68C8A981
                                                                                                                                                                      SHA-512:1E65FDDAB838B63C15579E41EAC981849661A8A2FBDAC6624D0983F9D4494A546B3414A5E127254545F20D0AFD9D739F6B51A3449964CE69D74CDF4B44CECF6C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......V...v...J...................................................................................................................................2...>...2.......v...~............................I.......I.qk..B.....LZ...........UZb..7....:?...UZb..7....:?.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............w..M..n.-...L[......N...^.................i...B.~J%.R;n........f........................................I.qk..B.....LZ............w..M..n.-...L[..........w..M..n.-...L[..........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1717
                                                                                                                                                                      Entropy (8bit):7.154087739587035
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:N9YMzO6BOfqH/dAIWpdAIWpdAIWpdAIWUtr/SD:/hzJgfqHaPYPYPYPUt/i
                                                                                                                                                                      MD5:943371B39CA847674998535110462220
                                                                                                                                                                      SHA1:5CA79B7BD7E0E93271463FAEF3280F1644CBA073
                                                                                                                                                                      SHA-256:9C552717E8D5079BBB226948641FF13532DF3D7BE434C6CE545F1692FA57D45A
                                                                                                                                                                      SHA-512:812541836C8B6F356A4D530E5CCF1CFDCC4CA54AF048CAC19FE86707CE5EA0F41D73C501821AC627AD330291EF58C040DFC017923A7886CEEC308048DA2CE7C9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......-...."........................................&.....................U.....1T..S.R.Q.................................................R....Q.a............?..d.. ...............................................+A...Z+E...V+E...U..R.....}........Q..Ah....Ah..b.AX..b.PZ+A...V+E...V..J*....Q...b.Q..Ah....Ah..b.Ah..b.PZ*.(.@z.?.`;2.......................................................Q...b.Q..EZ*.(..Z>.G.....`Z+E......J*....F+D...F+E.......b.Q...h....PZ+E...V+E......J*....F+D...F+E..............[u#...a-...f<.9^[...l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m..0.....l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.375166412120548
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:HesBJjH2muEKd5bXN9rGLBRQyEf5jiABmYPc:+s72iK3XN9r+BRJEf
                                                                                                                                                                      MD5:ADBD49591B668BA5DADAE505361AD4BF
                                                                                                                                                                      SHA1:2AC3AE0FACB3712D3BE8D5FFA9BBA0851813E789
                                                                                                                                                                      SHA-256:A02EF60FE1FB92168747386429465E41AC42826A86B21902354C5FE3AA8C70D1
                                                                                                                                                                      SHA-512:456AA56515B63B21DD748B619B85CE692D28C181048F2A78A56091D325E976745F4B08759AE508364C5D750147B65CA9ADD92B9115BC57A70C7531F5A879AC3D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ.........LuC..>...:..^..LuC..>...:..^....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................}\)...K.)..'....N...^...............jL&../.A...{..=........f........................................I.qk..B.....LZ...............}\)...K.)..'...........}\)...K.)..'....................................................................j......T.].............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4......................#..............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3555
                                                                                                                                                                      Entropy (8bit):7.686253071499049
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:/h3JeYCQV5Hn++9HBdAjU78S/mjLLwqnqahJD:53Je8b+EBdAjm8S/mjLLRnphJD
                                                                                                                                                                      MD5:8A5444524F467A45A5A10245F89C855A
                                                                                                                                                                      SHA1:ACE68D567B02B68275E0345C86DB1139C0EC1386
                                                                                                                                                                      SHA-256:7D2B01F17354D9237A6AB99D5B9AFDF0E1CC43687125848B0C2DEDFB44CE3843
                                                                                                                                                                      SHA-512:8151B447B60D110C32EC1EF286B941FFC09B99140F41BBACF5A1650A385FF4D13C0DDB2878E9A470FC7CFCC95A1AB6E44F6DE72562B0FFE093DC8A3C3C7FCC14
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................2........................!1AQ.a."2q.B..#R...3C................................ .......................!1.AQBq............?........)&vD.)3Hn*..X+....r...tmL.k..(.E...R. .Z..&...,fJ...!...6..S\t3.=...g&..Bqe.)_U.....1......-..fl.................J...u.i.mU..K..v.w.0O..E.h..D~K.(..9.,8..E.}.............i.\.....t."v..q..C............<..|3.........................*Q..../c.....f.}8....D..|k..Z......0..~..c..e..m(...|.c..'.5.5............==bx.5x.8...T;....=.--.pc...I;.V.m..,(....}...NH.ho....Q..U.E$.~...w.t>.S\....'f.{.+.g._.t....;>.....P...........-..G.h..2...J.% !.E97Ir.D..N....j...oE._...._...".?.......#".S.........Q.Tc.I..*I..k.......=$.........sk1Jp.\K.....F.3.Q..q..J....N..[l.&....OR4bB|..2ul....J...B.$&H..9#j.f.n./........?R~....B.I.@..........m
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.3559388572325215
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:AsayZrUYsJ2tLFgaSElnXkH9C3odrdQqrbwmXtBXNWVX9S5DiIVMlS8:AsvZwJ2lSEVXg9EMRQyEKGVw5+IVMlS
                                                                                                                                                                      MD5:C1142FDB44A259BAB8FB596C87E9ED00
                                                                                                                                                                      SHA1:823AE6CA2376A780A6A0140ED0A7E13F49D6E0AE
                                                                                                                                                                      SHA-256:725242EB22FF65B72C8A393250B919F8F56DC0182D8E00426B7152CE18A712C8
                                                                                                                                                                      SHA-512:9234E32955107DB22299FC6DA0EB4ACE4B8A8BDCC3908EBF77DA8E428C57975ADF2F8ED08DA8BB8A22A62F1AB9231796A651E64B587424F50E82E5F248BCE8F1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ...........7[g1..@..r0.....7[g1..@..r0.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............yU{'.L..*.....I....N...^..................T.CA..)..4d.........f........................................I.qk..B.....LZ............yU{'.L..*.....I........yU{'.L..*.....I........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3428
                                                                                                                                                                      Entropy (8bit):7.766473352510893
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:/hdu7isPwAp7zesusUyYAatNG87llTONQYS:5di5tfuQ9atNZlaC
                                                                                                                                                                      MD5:EE9E2DF458733B61333E8A82F7A2613D
                                                                                                                                                                      SHA1:A86704C969F51B86D6A05ED51C6C60214ED9FA89
                                                                                                                                                                      SHA-256:BE4F0E6C89FCE91B9EBD2623567F7DFC259E0E3C77C9158742B8F64B724DF673
                                                                                                                                                                      SHA-512:BFB5D6DD6B66EE21E946E90D1E482384CD10244308562DDA814189602681DADDE5752B80519E5B8515F115A71BD6BB4317A59BE65B8B5E3474AED119F8303569
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......r.F.."........................................H............................!Qaq.."12.....#3ARbr...$B...cd...&CSu.....................................+.......................12..aAQ.!#q.."................?...#...3.Za......rV.5&...../"..i.t...j..W........d.FL.V.2K....]t.f.d.NK..:.....f...... ......2.[...#..D...ZK....p.z.E.N..T..L.-....1....2.\.6FIr2..zS\U#..........fB\t..5J..~q...D....A.......!....MY..../.HY..../e.M.Y.n.~..,....'..Pc...l...d2..m.f.it$..qx-z*...._..].cOO....n..&.....FIA.....2J2..d:<qc..6.I.G.N....f.K..Dx.-.......`....2.FZ."K7.r}..<.P.Z.da.Y.....8..s....G.....b.e..g .S.......FL.Z,&..q.MG.J+..x\..m...qN=.....)..`...&Y...S....u6{.z.g.....@......FL.ZL&.Iv.w..8....U..v...*.q.B.v_./A..#.#.g.j........*J;...u...W.Ao...%....#$.....M..^\{W.SO...s,.N.....c).,.B.Gv...."k..z."..S]H.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.321641495380252
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Rz2sOqDn/g46cmtAKfq2EXNrx7a4XDfw9GKohrdQqrlUyxB/6BX+u7F9Unr+27+h:Qsn96cmaMEXNrxG4XE9VoRQyz6j
                                                                                                                                                                      MD5:5D9C99FC9363D5494F212ADC5CE7F14A
                                                                                                                                                                      SHA1:8EEDDA7E66C90FCEB0DC94C0816A57F54697753F
                                                                                                                                                                      SHA-256:8F8B49882EA5838843E5D1E35A171A20E4766417892074B10588DF0863B8F927
                                                                                                                                                                      SHA-512:CCC1EE528EEFE3057F23E39B45376D49B074C94377B4CEEA540B719A28507907CB198196686B177ECFF588713299328BE7F0BF2C51C3D53A539E257E0D70918E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZM.l.....M.l.<GJ.(...V...M.l.<GJ.(...V...M.l..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............p{.D......../......N...^...............k..Y.._A...0............f........................................I.qk..B.....LZ............p{.D......../..........p{.D......../...........M.l.....M.l.....M.l.........................................M.lj....M.lT.]..M.l.....M.l..B..M.lH....M.l..B..M.l..>.)M.l..J...................;........4...4...4.."..............M.l.M.l.M.l..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........M.l.....M.l....#M.l............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65589
                                                                                                                                                                      Entropy (8bit):7.960181939300061
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:2Hlrjw3xL//DPgff+9j6yPWvHMHjkbfnwHO3AW3GL:2H2zDUU+yPVHITwNfL
                                                                                                                                                                      MD5:8B48DA9F89264D14B83FF9969F869577
                                                                                                                                                                      SHA1:E1BD58E2D80FEEF56DC514F3F0B3AB9669F22F95
                                                                                                                                                                      SHA-256:62AD3C277E54F03F1ADB44062407346F789E63859B7AFABFD64BE6AF5E9F66EC
                                                                                                                                                                      SHA-512:03B783EC968DF3F648504D068D64DD1AE110E28110FE5B3401C9D04F44897DBE0CBB5680D42CA4C665FA94A6CED4B559106EB3C06C9BF2C5B14951ECBFFAC8AE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR.......{.....;Za.....sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..Y=.+I....t.y...,^vv....;. "|. .i7.....$.2g..']pH@p..]b....H.H.......d'@ B...U.xm..3{3k?..5n.._}U...3......~..>...g.....f..t...t:...p>..Si..d:..k:.Lf..t6.K.i....d<...x.8\.8.+lc...)i.$.r.....x.t.BG.R.cm.c...p.:&.6.4..K.......^...~b].0....oBYv..u.'.=.K.Q.g)6.....4.!.M......4.=....G.%.Sr........nxC.F..t.U........1...J.t..eQ....".... |...81.$D.!.>...........$...^.vY..EY8tb..'.P.g#O....S*..0'.V....x.W..........k.......s.C.S...J%.iVb..].........3....j.}*.z....+.s..@..K.....\x.C..e.Qq.....;N.....;....,....^.*..$F..{G...8.#....8'..&....8..5.....3(P._....S......|".....u.cr....+a-....&V..x...iI-<|a.{E.c.X.......?..&.C....'........(.x....>...M.?.9..#X......l...0...Z.F..<.z.0}Q..Z1..........?h..`E$K.2o.A*c^.......*..D..uL=.}.#*0.. M!.A.C......|_..(.Y........!E... .O...`;....M+..x.u~g...q>...N."D^..K..x..D.`.!.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.34819860230331
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:msNJQgxrdtfpEmdP0hX/Lh9+37oBrdQqrg+ixBX1bkcR0t:msogxrdPEmdeX/19a74RQyAx/x0
                                                                                                                                                                      MD5:77F9AEC20435628038535C1E68016B80
                                                                                                                                                                      SHA1:A681ACFAA8B5BBFDA31F74427E669782B547E806
                                                                                                                                                                      SHA-256:E1FED9B33321F8C6538295F7F012A3026CC4E40FC055C76E2DAB8030B9D13A07
                                                                                                                                                                      SHA-512:EABB5B4889254619257949D57064F61EF1F711102A2E67E2A7E6BB6B74A7EF2D697FB346DFA7281C8B25146459388BFC461DA82C0B87A23E846D85F5DAA2B46D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......V...v...J...................................................................................................................................2...>...2.......v...~............................c.......c.6....7...R@.?.I.......I.qk..B.....LZ.c.6....7...R@.?.c...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............eB.L.4..-+...Fp.....N...^..................9J~fE.r1............f........................................I.qk..B.....LZ............eB.L.4..-+...Fp.........eB.L.4..-+...Fp...........c.......c.......c...........................................c.j.....c.T.]...c.......c...B...c.H.....c...B...c...>.).c...J...................;........4...4...4.."...............c...c...c...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........c.......c.....#.c.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1873
                                                                                                                                                                      Entropy (8bit):7.534961703340853
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:N9YMw9kGzE4xTdow1C3kyIkyM66KeJY3fOxJ:/h8HzE4xTdoUCUyxyD6LCvSJ
                                                                                                                                                                      MD5:4FC8500BD304AD127AF4B5E269DFF59B
                                                                                                                                                                      SHA1:9A5E3432358A0FCDECE86AEB967319B93A65D14A
                                                                                                                                                                      SHA-256:B4DAA90D5A53FCBC85119050B5B76962443C4DD18D7F42CDC6D4E0AD8EFAD872
                                                                                                                                                                      SHA-512:E5E07054A522EB91EFD39722AFB3776389632B8F5F923C1D29796716D68CEC93BE5E44F79913804CEC7ED631FF520CBBBAAB841E01FB90AF8E8ADF84DCD47481
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......`...."........................................>.......................tu.....45.!#$%1s."fr...2Fq..AQe.Eav............................... .........................!AQR.............?..e4.bbu."m.G......u.S.-Qq.b.a..'#..E.......u.|:.f[O..jS.S.&....=.....[.....S...N.~~...'...q....N.T.Oyf..a.6..%.I.1j.e~.4..[5.WW.Y..Xp.gn...u.......Gb.O.W..k.!mJgfq....~.F.......m..}bn4.5........s,F...z.b)..O..*...5).-.-\....=`.fP....%...A..Q.&..9.....QQbD.%.:u.f...r$.10..W.F.T..MI...9...ZQH._..).....D..n.F].........*.:.j...!6Z..S....0...B.6..Ga..S.O.....U8S_.J.>...i..?..<.P..........M..F.T.C..7.E...`.4BKcMh1j....4y...+.|.^......2[.WG.W..+......E..r/V^".R...."..6..hht..f...........;E..Kx....)}Le.A.x.>..$/).._S.n.L......}..H^Sw...2. .v.io...../.........x.>..$/).._S.n.t^;O.....n...[.S...h.v.io...../....:/...[..7yK.c-
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.472329138004562
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:GsKJ8WbUYLtUEePXO9byEbo1rdQVruOXBXwiGkBhdf:GsFEUYLWEwXO9ZbURQ5xqM
                                                                                                                                                                      MD5:A96954AE250DB71BD94787EE2DF4F243
                                                                                                                                                                      SHA1:6591DE12E3F829E3E421750F1B0BA294712BA802
                                                                                                                                                                      SHA-256:F4A7AEC30A9E6BF72030F2D1D7484D903DF1802ADC773FC530B5DFEBE6F1EB72
                                                                                                                                                                      SHA-512:5C8A8A62881A4FF00901509A733587324775D5A1F581DA6FFC9C4E3D231DCE9EE929A7A27434C22D95AEEEDA17F8791DEDB09A84D8A168040445FDDD539A0ECB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......n...v...b...................................................................................................................................2...>...J.......v................................I.......I.qk..B.....LZ............R.a.(|...5.....R.a.(|...5......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............i=......b.J.B......N...^...............5%.DO.6K...p..5.........Z........................................I.qk..B.....LZ.............i=......b.J.B...........i=......b.J.B..........................................................................j.......T$c...............G.......H.......>............. .3...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5465
                                                                                                                                                                      Entropy (8bit):7.79401348966645
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:X0cZneDWlIKmXwxacOHHI6EhzNlSSDDgafbofgt7mGrw:XleDWlIJwQHihRdgu8imGk
                                                                                                                                                                      MD5:8470F9A96B6C6CAD9EE60961E96D19B2
                                                                                                                                                                      SHA1:AFE1F01FFA4E4CB06B1D770C9C59DA75B434D1AC
                                                                                                                                                                      SHA-256:2DF453410796AEC7B9EFEC00059B6CE64BCF67313A95AE458BA600EA5DE14811
                                                                                                                                                                      SHA-512:CAE5C2ED091BA49761F0348516D53491E578FB165F32F93AC7DAD927383E9A398B06229FAC6A8233777DF708E5001AE0037A1FA960293BDA49892C40B37F2240
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....C....................................................................C.......................................................................E.e.............................................8...............................!"1...2A#Qa.$34bBDSqt..........................................................?.....`0.....O...3Sd..@..5.0....Q.pw....;....!pN.DR....`0......N^...k.=.u.e.7{.b........?z....zV...M.....P:a.SPj.....WRK.=x.2.h..2..AS..s..A..|.Z/f$D.YX1pr......}G6._.~..)j...+.s.r".{..q..-.^@...#w|.H..*.K)....g...y..`0......2.w@.Ro.d....@...K....}...&... y..f.y.0.|DC..>p.[E.2......v..N.)Z..4.RF.D.8]..Z.|f/..+\ID.r/.o........0i..*.G.O..uj..RN. ....j...xnF...Q.Ls.U.c.D0m....z.k.P;f...b.=..L.hH.,./;.U..`sa.I...?*...I....M.0<.u....!..C..U.T.....s.Q......_..7K..*.....?....R\&=.<.u..oQ}WZ..Yu...{Fe3.h...@.s..mW.G..^....1.W.#[.q2.&u.c.G......`J./..X.C....M;.....3k$}.i.3...#/x.m.Oh.}FH]. ..5NNDIS.-.M~...6..w.d....P.;..k...........v*..T..L.P...s.!B.4..w
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3361
                                                                                                                                                                      Entropy (8bit):7.619405839796034
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:zDqnxqMt6gGr/Nln5ANln5ANln5ANln5ANln5ANln5ANln5ANllHN6:CxqMQr/rn5Arn5Arn5Arn5Arn5Arn5AN
                                                                                                                                                                      MD5:A994063FF2ABEB78917C5382B2F5FA8C
                                                                                                                                                                      SHA1:BD5C4D816B04A2B6596DFE38DB01228F553FACCC
                                                                                                                                                                      SHA-256:D72900E8DA72D1A7F3729971AA558E1E9B6E9CF9A0D51E83852E567256DBBFEF
                                                                                                                                                                      SHA-512:CF2279033DD3EDFE6F6F9E5C517BEBD9A52863EEFD90F57F7A5AE0E0485E705254BE7ED6B50E6CA142669687727AE85E2E6035F69930B75F2E6D3EEFA961EF88
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....C....................................................................C.......................................................................U..........................................>...............................8H........59...$%&7F#'Ddf.....................................>.................................58EG........!#124$%&ACFbcde............?...n.p..v..a.~.._.>......#....8.....w.G...&.W...i...%6m..K;...4."...=..?.~......P..O...j.l..AW.jo..,..=d.h.ta..../.."...z|).J.......Ww._..<Wp.3+8...-5...G:..2.D..I>o..K.F;-.....#...`...6..T...M.....OOgV~..5...np...P..TYr...........b..{r.2.9..].DA.%C....=.v.z......CK."..R..l..y}.i..;.{....JzS.....~.?..Z....=c.h~*..p.@(@..G.....O.]...Hsd.xf".V]..S"..w...4e>....3*U.7..|M.x...|\......FD./.cIe.;.bId..+=...w.......[.k>....}.u...j.xZ.....Q4..+.....B....1O~\......I..h....LaXJ%&.w.<C...n/`.W..U.W.U.}~...}>..^.0.J.....@....LN.b.......5W...m].Eu...:....G..:4.=4ixx..@_0=.mab.T.U.....w..~.V.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.347245694991927
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:qsr28HeyRh/hEXxXLx9WGW7YRQyPkYl8JuFnvV:qsr28+khmhXl9WVYRJPLl8JuFnv
                                                                                                                                                                      MD5:BC9EE0ED554154F6F1B84947BAB66F39
                                                                                                                                                                      SHA1:B1F0B3B8C9B917CF303BFFA3CEB9E1BE1304B261
                                                                                                                                                                      SHA-256:7FE51CACB7E24B7F14FB531E23C0A666389AE27469B56C09DE38BEBE79992137
                                                                                                                                                                      SHA-512:EF7C86C0A9573E9FF696849E5B288C92E9885050874DD51E0B6B62371AEA7C6F44F3E7032B37716ED889AEB17A49E9EB7466EBEBC45012D03729B2009CC2F0B6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ^CD.....^CD...Q.+we.1.I4^CD...Q.+we.1.I4^CD..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'............./.w*..g.-j.....:....N...^................4...i.M.xB.:...........f........................................I.qk..B.....LZ............/.w*..g.-j.....:......../.w*..g.-j.....:.........^CD.....^CD.....^CD.........................................^CDj....^CDT.]..^CD.....^CD..B..^CDH....^CD..B..^CD..>.)^CD..J...................;........4...4...4.."..............^CD.^CD.^CD..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........^CD.....^CD....#^CD............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):140755
                                                                                                                                                                      Entropy (8bit):7.9013245181576695
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:i/aDiblRsFcOco8dofE5Zx1+NQI8Wh9aiOe5NTO:mnbM+TxaAi98W3aiOwTO
                                                                                                                                                                      MD5:CC087700C07D674D69AFDFDA0FA9825C
                                                                                                                                                                      SHA1:F11113DF69DACDB255C6CBCFB29C1D1CCE40B346
                                                                                                                                                                      SHA-256:A7FA7F092EFF43030A56342C39A765F8D5CC48C7DB815DDFC8C1E5EC40117FAE
                                                                                                                                                                      SHA-512:843202D975EFA91E73287052A893584B6E5AE601F91612B56539AA2F73D1AD3F997FCAD1E711E0F483A2E91D46D9643D0B026B43F4E94116A5D2FB6551536034
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:15:20.............................\.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.......J...\O.,......../$..........OE.m.o......T....Z..l.g.-....m.?...Y....3......"....].j.X.k.S.k.....4..R....{....?F.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.339511663885265
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:YW62gsDPTNXT+EuVoXLo9eryZRQyKVeH8v:usDTduVoXE9erARJ+
                                                                                                                                                                      MD5:CB79DD127F89B18A3DC34BD978004054
                                                                                                                                                                      SHA1:21FF20A7E0D5C40DAD645072735B8B506C79EACC
                                                                                                                                                                      SHA-256:DF8A7D29036C5DA6180F49BE18D5868A7BA7A4E45BDA9931D0478A81A5EB7D34
                                                                                                                                                                      SHA-512:CAA8E3D0F362785554EECF444315F02C75F13A53F0451F6DA5ACD219177490290C9D03A8D7CDFE3E0CE9084807D9554895B8056804C53C300D6AEA82D671058D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ}.S.....}.S...f.(ud..i..}.S...f.(ud..i..}.S..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............J?..X.....(.......N...^..................A.l!@.uA..r^u........f........................................I.qk..B.....LZ..............J?..X.....(.............J?..X.....(............}.S.....}.S.....}.S.........................................}.Sj....}.ST.]..}.S.....}.S..B..}.SH....}.S..B..}.S..>.)}.S..J...................;........4...4...4.."..............}.S.}.S.}.S..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........}.S.....}.S....#}.S............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129887
                                                                                                                                                                      Entropy (8bit):7.8877849553452695
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:QS1x1rXglsteJ79wHi4vNQR5yBlUdOSILe9hSj9jeWMPjdlOJ:vvglst1HiwWR5yBA2LeS9jd1
                                                                                                                                                                      MD5:737E96E41D79D3BDACE7AB4F8CBF6274
                                                                                                                                                                      SHA1:E6202A41A4F86B27D9EBCAEF7670B16C0ED67CF2
                                                                                                                                                                      SHA-256:7966F3D8A2D61ECB49A35E163781858E052C0B122A18A1238AFE27B57E2850E8
                                                                                                                                                                      SHA-512:D398C8521DB2FB3F8456FE792CF37472F3B851DD7298DB20E2DB79144F8E846D051878E77E5EF5D00E6840EDB90C6E2D97935BC1023A15FC45038CCE731E9895
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....iExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:13:06.............................:.......................................................&.(.................................3.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................u.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...W..I:..*....a....Aa ...w.T.M.v.........3x.......8Y....$.."-..m.I.0~sxB[@..=...:..\.Y?....@O.L;9i..U....?.5">+9.s\Z..vN
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.346782801793628
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YuRKBsBST9uH0Vxts57ZEr7LtXX89+9oXl7rdQqryuG0BXluTXTujT7VTWTXTOpT:YRsD0VxS9ZEr7ZXs9+9alRQye0f
                                                                                                                                                                      MD5:CA14FE8E2EF17408BB3AF9208A9F3BE6
                                                                                                                                                                      SHA1:A7E372F8786F5AC1E99739E0B9C6BD7B9EF0B73C
                                                                                                                                                                      SHA-256:0FC6D7586DD49CFAE7D82BE4E69F4594A7D558429645D2E6C483A7C6B52FBD5D
                                                                                                                                                                      SHA-512:C211C19409D96F9F3543EB5D8A9479E9839F92D8647FCF505FD4927BD17054B474F44BE9BE94CB71EEB4E598AFABC4CEECAF6783BCA2406ABD180F5E2462C787
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ..N.......N.b+.....".j....N.b+.....".j....N..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............&..UV}..M.C.;q....N...^................L4..D...x8..{........f........................................I.qk..B.....LZ.............&..UV}..M.C.;q.........&..UV}..M.C.;q...........N.......N.......N...........................................Nj......NT.]....N.......N..B....NH......N..B....N..>.)..N..J...................;........4...4...4.."................N...N...N..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4...........N.......N....#..N............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):84941
                                                                                                                                                                      Entropy (8bit):7.966881945560921
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:X3sWfhTVd+xu6rA6SOONM0/YFXnviDwoPCaNSm+z/ze/fWNj7GfigeKyCGzw+QKW:nsOhdDJOwY1voPCaom+z/zeHAfGihCG8
                                                                                                                                                                      MD5:CB84C108A76C2AFFCAC2551A3C1EAD56
                                                                                                                                                                      SHA1:8BB7C2A12B056C1ED12EBBAE5BC9F60CCE880FFE
                                                                                                                                                                      SHA-256:139BB0E79F89C3DDEF79B1716A5FBAB4C07DF5785FB3CDF6B4EEDDBF6C078452
                                                                                                                                                                      SHA-512:6EF85144E9A7ACD0FF2E52A5FF42093153EFB69127B1C8549EEBC49B6CC196A46B65EE39A2CAD0206F6A41476D8B5B35D29EAC9942B8F84972B32E14CAFEED27
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d....................................................................................!.1A.Qa..q...........".2..BRbr#.T.3C....S$.cs.D..4%5......................!1A..Qaq."2..BR....3...b#.r.C4.............?.......m.q..'O.....r......_.1....8h....?.....O]~..k......GO...''._...!....o........''..g..H?k.......1...?.....z......>...+0..................GO...''._.........}.O.Z|.L?...........?.........[~t.......}......NO.....v.......J.......?..g..H?k......GO,m..r}o.z.....}......dC.9?..g..H_..........?.....O]~...m...C?.z..f....W.=u.B..m..C.-?.a.....3._.?.......o....np.M....g..H_............9?..g..H...../..kO...''._...!~...o.....0.M....g..H.........../......O]~.~...o.......7..+.... ..l?.}........&....3._./....?.........W.=u.C..m..C.+?..o.W.=u.A.^.O....:......_.........}..t
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.306603475666256
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:YJDsx769u7hEPBBXIVB9KWERQyF5bCx5i:6sx769u6PfXs9KWERJ7bCx5
                                                                                                                                                                      MD5:CC506819831D6D20D51E08139BD6305E
                                                                                                                                                                      SHA1:197EF84DDDFE640D18E9264E625FA9C3D3BC67D9
                                                                                                                                                                      SHA-256:0253F0174323D3977B3A31BA624A7C9916422C2C7FCD07CCA7F7C22B282F03D2
                                                                                                                                                                      SHA-512:4DFA3F4E87C9356C07E1A5A499E48FB0464DCFB1DD75426852EE85AB2311C26DA6A5905B33432341F733EC16AAA7FC373D29C5CFBB46980D44D6F8DF802042EE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZd=......d=.p....4.T<35l.d=.p....4.T<35l.d=...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............d>(4..>...........N...^.................d.+~.E....4..d........f........................................I.qk..B.....LZ.............d>(4..>................d>(4..>................d=......d=......d=..........................................d=.j....d=.T.]..d=......d=...B..d=.H....d=...B..d=...>.)d=...J...................;........4...4...4.."..............d=..d=..d=...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........d=......d=.....#d=.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 40 x 623, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1569
                                                                                                                                                                      Entropy (8bit):7.583832946136897
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:KArPoy/sSfmBL0EGEsRgeTLLXFnViAAEslVorlP0i8OmO57EnGAkYelBKMN:9oQPTgeL5ViAe8rQs7HAkrlc+
                                                                                                                                                                      MD5:07DB3F43DE7C1392C67802E74707DAA6
                                                                                                                                                                      SHA1:C173ADB1999065C5E1E6DBEF934B4D4D7AF0CC23
                                                                                                                                                                      SHA-256:51E05999A1C9F17DF28CB474E57DD8E64BDAB824874A532C20A23766A01F8967
                                                                                                                                                                      SHA-512:E509255519D4E521E82332FF418DD5A6BBBC8476399A0D9C3D81542C1CABA535B2D79E5BC90F73F9EE8468643302137671934ABD600FC696F16161C91FEAC111
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...(...o.....>.c.....PLTE................................................................................................................................................................................................a.o.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.Y.. ..........}%.../].`<..y....V...m.....<....)..;Ki..'9...2.:.c...t..V..d.t;-y.Z.=K>B.."{Lj.~G..|..ENC.!Sw,....";.p..g....E.B..S.-...k..P."..E......l[./D.-.....Q+.G<>.+..b...#..y(...{a.M..J...<....v.W..F.qm.`.....(.mk.nX....l.Px8.0\Z....7G...$*.....&..Z.VJ.~......J.2|...2H..../...=.)q....ZT" .,%..h.p....Z$.!........r...Hh.f. ....P .d..1d....2.3h....;.A.... ....d..g4...A..^.....2.ew..."h...y/..j.h..B.......%.2.%..{r...+dG.=9h....P1...A...c...^h.]Q0.8x....q .!3....ZW"Z.!3...G.vC.GG..".&..X!3.|xB..V.P!.+zS..NX!3.....Nh.y(.Z.1.h..B...Z+....l8Xcu.B...K...@U..@Q...mB...x...&L C....mB.....@kC...Y.,.... ..e\F.B..........y..e\..:$(....Z.a...yn...f..z.~Q.{o...].ln.r....^.@.{..c.7..{...
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.341393123966077
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:wsuQ3gW96tZw8E+YlLWXXD894dCohjrdQqrLpC7BX9C09snaLB:ws/g+6rVEplSXXD894dCgjRQyE7j6aL
                                                                                                                                                                      MD5:86D288AC91F961C37E6C78A9F76FDF07
                                                                                                                                                                      SHA1:F58885EDEF0844FCD9DCD7AD34CA683F8BBE3AEF
                                                                                                                                                                      SHA-256:C33BDBB95CB6D2135ADFB64322797AE02C7230096FE48C6AD8358DC8E2EC14AA
                                                                                                                                                                      SHA-512:95317A55BCD6EA5BCB33EDF5CC9AFF8EA317158FF64B6BFB38B7EF12955B4B50B54CEB0764DC270B59C4D8B0D8239DC392F057A7B08428EDD7D71A396040C963
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ...........?g.D....3..r ...?g.D....3..r .....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............W.Yr.$.7..h%.......N...^...............F..u...I..^...P4........f........................................I.qk..B.....LZ.............W.Yr.$.7..h%............W.Yr.$.7..h%...........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):40035
                                                                                                                                                                      Entropy (8bit):7.360144465307449
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:MQhziQo1RKGlyyzYjlxuxwRUj/BN837xRmwH2uDTCn8qXFQziN:ThzrSzalg6O563l4uTC8q1Ig
                                                                                                                                                                      MD5:B1DDD365D87605F96D72042CB56572F6
                                                                                                                                                                      SHA1:ADF71DAD1A62B8A58A657C2EDBDD665A19EB846B
                                                                                                                                                                      SHA-256:06E09DE80C3F32254DA4FE6B2CBAD7C05EF144DD54B8C65745E195BBF7317A2E
                                                                                                                                                                      SHA-512:9C686092CC9524F34EA6CEC9AAE936A6225BCC54DE38DE1786EBA8F532959A80FF885E8664A09E4C318D7CA4B278E807D3D1F135BE55F30979B844FF5EC9699A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!1....AQ.aq.....".3.5...2B#s.$%..Rr.CS4&6...bE'7.c.DTtU...d.eu...VFfv.Gw.....Wg......................!...1AQaq........"2..4..Rbr#3$...B.s5Cc.S%.D............?..^.f....R*.N{.{f.....O.r.V.;U..~...U.(..>M._.yI.{8,..^.t...s`...j.O..U5t.&&..h.G.6Da.;.....J.......E..QD...C...}..N...tR.....~..].J:.V$.*.r......]...W......4.[.)6..Y_.....4...........m._'HR.a......]U=.....n...0.W..]..K..){.+...w...f...<|..1/.|.....b..-..y....]U#Ctn.7m.._.|..2I;|....tM....q.q.}.N)....'...9&...nR...R..}.........m._.LZ}u.../K....9.~..?.{....V.#..dx.Zk.:=..:.j].....E#....E~w%....J..[S..[......gr...vb.r]..<..ut..i...[P.w....:..Gkn>......#..m...9km`......t).up.....w....VOR.{&.nQI..}...wD.7Ey#n....MO.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.635580065723012
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:JTs9CX+rtE3/vXa+9GrsRQyoIi1dRirzT:VsYX33/vXN9GrsRJo
                                                                                                                                                                      MD5:879D19402B99B574B9297FA6ECD6CC67
                                                                                                                                                                      SHA1:451D170DD953B7CABEC879592F00310696740555
                                                                                                                                                                      SHA-256:50B4B37BEACA8739FC9D0D9F777E0F3CB707C4D525BA3C4642A8ECBE2E3013D4
                                                                                                                                                                      SHA-512:5A8188EF5B84C701222F034177A36FCF2675F7D4DC971FE10BF6EE123959CF6CC1516231D05A16C03D953A646D17A116DBADED7DE38461735852B96AC22EC74D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v...~...................................................................................................................................2...>...f.......v..........................................[.T....$+eZ.I.......I.qk..B.....LZ...[.T....$+eZ.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............y1..yfX.,n..l+./....N...^...............p... .A..@..#aT........f...................................:....I.qk..B.....LZ............y1..yfX.,n..l+./........y1..yfX.,n..l+./........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):242903
                                                                                                                                                                      Entropy (8bit):7.944495275553473
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:YVxOYlZX2kCWfYoFMXC/sBFC9r+4iEGM4rrcPoWmwkU6FJ:+OwZ2kbFMC/L99ifvokU6/
                                                                                                                                                                      MD5:C594A4AA7234EF91E6C2714CFE1410F1
                                                                                                                                                                      SHA1:C0F720D4CE3196852814D0B7347F0CAA0C6FD526
                                                                                                                                                                      SHA-256:10C833E47BE1C8496F949A6B059C2D79212A4DD66BDE62116EA337FA4FE0B654
                                                                                                                                                                      SHA-512:7313F6545A334F9E2DE5430B2DB5C419C4C8A40E075338DAFCD74970BCC6309786946E5DFB57531612BF4C6269495655706D920FD99922FDACFF9796710DA9C0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:10:32.............................R.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...v&.F;-v;}FH..Z...N..)Y.......h;C....G.0W..ww...MI..Z+..\.........c..4.1.~.Yo.Y6.&. q...............l.A#.~s?yYg..7ky...r
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.337332854714349
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:YZsGSFAhWZmbHSbpLEXMRFXIL9KCbIRQyS1QMFEFvQGoJQJlL:qsGSFu6iHcKXMRFXIL9KCERJS1QMFEFn
                                                                                                                                                                      MD5:E62EFAB6BE2B7C971ECB27F5FA7650C6
                                                                                                                                                                      SHA1:66A3FAA5AFF08D909A6CB0C9402CDC551C10FCAC
                                                                                                                                                                      SHA-256:242BCCA8EAA622E8AB697A3E8762BB14184493BE9F976E1433F1558201C5F9F9
                                                                                                                                                                      SHA-512:87EA8832C693E044B3846091D8606337B3D44D2DB5A750F18DC7539ACAE3856EA098BF4D02187673829A1DF176BED7B9EAE6A10314BD3B802527FE3013FA7B0D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x...........................]H......]H.Bt.....z.a..e.I.......I.qk..B.....LZ]H.Bt.....z.a..e]H...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..................s..,..j..T.....N...^...............V.).'f.D./..ht8.........f........................................I.qk..B.....LZ.................s..,..j..T..............s..,..j..T..........]H......]H......]H..........................................]H.j....]H.T.]..]H......]H...B..]H.H....]H...B..]H...>.)]H...J...................;........4...4...4.."..............]H..]H..]H...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........]H......]H.....#]H.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):70028
                                                                                                                                                                      Entropy (8bit):7.742089280742944
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:ub4bgbB7g9cKCmSzaNF0jAdAzQKTEFBQqUp/i0yG1pidLHTVX:ub4bIB7Qg2OjbzjgWp/i0yGCZx
                                                                                                                                                                      MD5:EC7811912ACA47F6AEB912469761D70D
                                                                                                                                                                      SHA1:C759BC2D908705D599B03BDB366C951B11F99A4E
                                                                                                                                                                      SHA-256:FBB4573E3BEE1B337077691BEBAE15D6FAC52432405D31396D526D7694A8283D
                                                                                                                                                                      SHA-512:881828150993A8C56E36CDA2051D89C1F6E0322643902C9506392C163E8734A2933A46486F40E5BC8C8D0164E180605E52620EF22FE14540AEA787A38B22E98E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....7Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:12:29.............................V.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................}.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....H.yM..? .Z.. .^.x..p.8.A...K.... .\{..)..y....t..=.^y)..v.@.W>. .h.. ..p.:.\)(.$....$.I).....!....E..Z.....&.5.).
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.2718836329216705
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:isS6cecTz0KQqIGt2kaGE5VLPaIXWtvzI9ORFoFrdQqrsn8KdBXjxdpdmwB:isJYMXG0eE5VmIXczI9ODsRQyqBlXJ
                                                                                                                                                                      MD5:243198ADAC436DEFAF132F9C63C6C3AA
                                                                                                                                                                      SHA1:8D1C990355101461550369F263167BCD510CFDCD
                                                                                                                                                                      SHA-256:B35474102CEB7D065E1859C8EF3F5E5E840021E255B0AF3AE0E242A2D712715F
                                                                                                                                                                      SHA-512:518A81B6C83E6678574D68432BD346A9E4D18582AEDA61E6281146C6CF96983E8DF66C8FC510D8FABA75D73D0ADC7B546B5374F58651391D7BEEDC39DE7BC859
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ...........$Q...)......(...$Q...)......(.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............~..p...7KV.4.=....N...^.................R2.O..-#55f.........f........................................I.qk..B.....LZ..............~..p...7KV.4.=..........~..p...7KV.4.=........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):24268
                                                                                                                                                                      Entropy (8bit):6.946124661664625
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                                                                                                                                      MD5:3CD906D179F59DDFA112510C7E996351
                                                                                                                                                                      SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                                                                                                                                      SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                                                                                                                                      SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.318088557332086
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:2sEmhTGm+tGYvMEr0KXNx9bmOolrdQqrDxPoBXE9pDlrF:2sEkG38EnXNx9bmOMRQytowr
                                                                                                                                                                      MD5:BF82AC6722D2423E81ECBBE663CE8E1B
                                                                                                                                                                      SHA1:DE812C6CB28347795CC028F22D0FD3870C51D123
                                                                                                                                                                      SHA-256:9BF2AED62C429B143B810A51BEBC0C7FFC73CD1E68603566B970FCD4E8DEEFB4
                                                                                                                                                                      SHA-512:457DC493F7B94C9DF7421965CE879511CB67032136943B5169C71A063FF81F2CCEC5C889CC89D201D6296DB26A870733072F73D4E394F36883C330C2E3D32D0F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.D!......D!.f...4.t.@rKQ.D!.f...4.t.@rKQ.D!..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...................x.%Q.J2.#]....N...^.....................j@..{T...f........f........................................I.qk..B.....LZ..................x.%Q.J2.#]..............x.%Q.J2.#]..........D!......D!......D!..........................................D!j.....D!T.]...D!......D!..B...D!H.....D!..B...D!..>.).D!..J...................;........4...4...4.."...............D!..D!..D!..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........D!......D!....#.D!............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):47294
                                                                                                                                                                      Entropy (8bit):7.497888607667405
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:aQ10VrIBdBvDpQrQ7P9/FUOLG2vTSeG9lkCsMKzXeMBk3CBp:aC0JIBL+QsOLG2+ZAC1KqM2I
                                                                                                                                                                      MD5:7A450E086AD14BA7D89BA5DB3D3AE6C7
                                                                                                                                                                      SHA1:E7AEAFCFCE476390E18C19456BDF6529D863D518
                                                                                                                                                                      SHA-256:BDD997068701ED3A00A224EB694B003C01AC69B857FE7B4147D6C34875B1632B
                                                                                                                                                                      SHA-512:9B6D50A6CDB6081DA107A2CDDB1BD2811A5764994C8E3F67D56CA81084BE0D068C27435154E867199F38688EA65E8DE02A56DCAC47D0F5E55F0FBB6598814938
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..A..Qa"..q..2.......B#...R%.r...$&b...3Ss.4dU6F.cE..'GC..t..5eufW......................!.1..AQ.aq..".....2BR......r.#3.d...b..Ccs.t......$4T...SD%5Ue&Vf............?..M.7(..).:.a.q.......>..[:O...afQ.uCO..U.....go.l..p..YqVklQ.{i.w&.]Z.\+JQw._.n.'.h..,.bj..X.].k&.Q.>gU..f...1|....[...jQ.%Zb.......t..........*..V..j.6....Vj..i.....?...IY.P.....$.j........[l.....S.4.J9.U\.......7I..[..=*N5....xW..../...=?n....uG.D..S.>...8..3........n.S....]k.*...4.>.R.o..{..l.H.#.^....<amG.m&.......,....wDY.W.m.X....We.IR.Nu...y..Z.l.._S.mr.m...y.]m.R.MT...6.5.5}.K..#%..k].7.Y.q]...%.r.7.R^jR..z.K.T[t.a..d.)glW.r.v,.`....O..^..o:.Uc.\..D....f..D......yt.Q...Y.....
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.4720561167847
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:4s5gj4mtxmEwLaFLFXC9tUgoFrdQqrHZUBX6IbkJyOx:4s04mCEwCXC9+gERQyqXTO
                                                                                                                                                                      MD5:947E388B2F14B41185F6BC402F4A482A
                                                                                                                                                                      SHA1:BD0F9663CC7B8F4097DDF3B43C0F00DC415042CF
                                                                                                                                                                      SHA-256:7DF942543D508FE2D9F96FC5E6DADE92C14FBAB1C1A05646713D052E23335AFA
                                                                                                                                                                      SHA-512:519838F872CFF85BDEE8591A5BB273025084A3009D95D98B7102505FFC425A153A1748F682D31EA462FBB6B8790E319996312557F94AB4BABA856DDCCB899419
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......n...v...b...................................................................................................................................2...>...J.......v................................I.......I.qk..B.....LZ.@.......@....&.X.U...@....&.X.U...@...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............../.. C.$nb..g.u....N...^...................'.cJ...`*`........f........................................I.qk..B.....LZ............../.. C.$nb..g.u........../.. C.$nb..g.u..........@.......@.......@...........................................@.j.....@.T.]...@.......@..B...@.H.....@...B...@...>.).@...J...................;........4...4...4.."...............@...@...@...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........@.......@.....#.@.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 60 x 336, 4-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):347
                                                                                                                                                                      Entropy (8bit):6.85024426015615
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:6v/lhPtnlx/QulkWNY2V18A6Akp7eee1VDjMHCyLezyKUX5Gp:6v/7RrIubiA6AkpNhiyKe+
                                                                                                                                                                      MD5:78762C169F8B104CB57DFF5A1669D2DF
                                                                                                                                                                      SHA1:9638B71B584CD636834016A635ABF8D9C0887711
                                                                                                                                                                      SHA-256:E64FDCD0B108737D8B8F7B677029F924031D6BBAA50585D9C3DEF7C7E92ECAF2
                                                                                                                                                                      SHA-512:5ED899AAF73B72DEC32E171FFA112382667D5BF3FBA98C92E313E66C0A6975EA97068F4CD32B62283F18DBD5345C11E3610F7EEAC2F2DE71FC44593180B9CEAC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...<...P.............PLTE......................=l......bKGD....H....cmPPJCmp0712....Om......IDATh......@..aI...B..C..l...^.%.`....>.]..|0.....a...hb...0......q.......p"....;...K..x=...p...y.yy~J....|...\.......y..X.......'...>1...Ky..f....&........N`..f0..b...3.......`Z.3..3.....o.......4.&........SV...4.....IEND.B`.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.354130388030968
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:wsZGOCjkPVNNtoDqE6UXma29+8ohrdQqr83ej0BXy6ge9JyZxgVJPb:wsUANrErXF29+8wRQy83u0r
                                                                                                                                                                      MD5:9A717EB7465A82B969516FBD8414151E
                                                                                                                                                                      SHA1:0C3E18000EADCE50F1D0C768EB51706207CC5DA7
                                                                                                                                                                      SHA-256:85C753156F52BA679818067CA6D4330EE1F81E094B434E385A29781B61ED2E68
                                                                                                                                                                      SHA-512:82415B287ECF21EE49303F7BD8030E795560DA2A2E3C2A2537EBA59E792F39578FF8682E5DD3C961355FD5B0696E93E98D08AEF310E283F6F30D2233A4725838
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.............'..._........'..._......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................8.T_......e......N...^.................W..VK......YE........f........................................I.qk..B.....LZ...............8.T_......e.............8.T_......e......................................................................j......T.].............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4......................#..............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 40 x 617, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):827
                                                                                                                                                                      Entropy (8bit):7.23139555596658
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:6v/7Hs2NwBW1mtjeSfaTHHy05riYUtr8y8PQvPYzzg979Reip0QPqc:oOsotazy4rStr8y8PQIzWea0Qv
                                                                                                                                                                      MD5:3E675D61F588462FB452342B14BCF9C0
                                                                                                                                                                      SHA1:86B62019BC3C5BE48B654256B5D10293FC8C842A
                                                                                                                                                                      SHA-256:639EADAD468B6B32B9124B1F4395A8DA3027FF7258D102173BA070AE2ED541AE
                                                                                                                                                                      SHA-512:E6EA855B642ED36FA82F8E469A826DC57EB0C36E307045FF8D166F67AF9242C87840833BE31FBE4706DC54100E999D6A3D3A78D0633A3114735818874AD34758
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...(...i..........`PLTE...................................................................................................bKGD....H....cmPPJCmp0712....H.s....qIDATx^...0.Cg.;......@j..2c.=~KP.[H~..@..8...?U.g.n.a=.=.).....3..u^(.....L....5..........8.}..T.f.n.a=.=.).....3..u^(.....L..r....s..8.....W]....,..9..G?.a..`c.z...E.p...)Y.P.....#....@9.7].....,..9..G?.a..`c.z...E.p...)Y.P...`b....0.b.+~{.Pu...1..<..0._.l.@O.y.(...V3%..J....s... .(g.+.qyWu...1..<..0._.l.@O.y.(...V3%...%R.L.Q..x..R.<t.o......7.............:/.E..j.da@i..`b..Z......u.>.?...7.............:/.E..j.da@.Dj..9.W....s. .....:.......L...">w..7... .....:..."...L..."..a....D..Ya.l....E.{.@&.|.._...7..D..Ya.l.....{.@&.|....0.J.."z.0s..s....=g ..>........"z.0s..s....=g ..>..l..1...y..g......IEND.B`.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.323817276866818
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:eyys4z0WmB0EXnFXA+9yWD2ZRQys/GnW6NG:is4ZmXXnFXA+9y28RJyqW6N
                                                                                                                                                                      MD5:E45F61455E2C752E1022F161CE498F8F
                                                                                                                                                                      SHA1:17427B0FF2AED8945641895AAC7D3D67E15FBF45
                                                                                                                                                                      SHA-256:ED9DA17F391804F6B1541F74CD623571CA72EFFC7123D4C91E83D9E57B35FA0D
                                                                                                                                                                      SHA-512:6E208376A37D0F2068C2DF90A9A4308082D84FF1A2931AC65E313A5AD2362E36145A2D75C2BD71533B92B4185C0D9CD6908D8BD98DF905B8DD2BD596129FD467
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.X.......X..l....GEuR.A9.X..l....GEuR.A9.X...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............r.e.U.^.8.........N...^................2u.7.6G....v...........f........................................I.qk..B.....LZ............r.e.U.^.8.............r.e.U.^.8...............X.......X.......X...........................................X.j.....X.T.]...X.......X...B...X.H.....X...B...X...>.).X...J...................;........4...4...4.."...............X...X...X...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........X.......X.....#.X.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 50 x 600, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4410
                                                                                                                                                                      Entropy (8bit):7.857636973514526
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:E/pQuIhKZ7u06dICH3AroiTe8DGTl55poBUmLNjpH7MvDHjfm:MpdZtPbknnRPpkLNVMvu
                                                                                                                                                                      MD5:2494381A1ACDC83843B912CFCDE5643B
                                                                                                                                                                      SHA1:98F9D1CC140076D1AE5A9EA19F47658FD5DF0D66
                                                                                                                                                                      SHA-256:5EEBE803E434A845D19BC600DF3C75E98BB69BD0DE473CEEC410D1B3A9154E28
                                                                                                                                                                      SHA-512:0E64CC3723DC41D94910F7ADFB6A0DFB5049350FD15A873695614E4A89ABD78B166BA4E9C8CB95E275FB56981539DECD2A7F28FBC25E80DD5E2DEA8077CC9489
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...2...X.......E.....PLTE...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................B..(....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.].\TU.?3"...(..L........q.Q...H.*j......W..Xd.ie.f..%.XT...em..m.m.vkik...>.}..}|..{'.U..~......}....s.............,CVu.x.:C..5...;.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.351563552066074
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:YeksDjrc93orLHPEZnf0MXsM9eAeBRQyGLIrqcyoz:FksoocB0MXsM9eAURJGL
                                                                                                                                                                      MD5:83B82BF53BD9D38B313223ECD704A303
                                                                                                                                                                      SHA1:23831DAB4955AABEB379C5839DCB89FFA7075F55
                                                                                                                                                                      SHA-256:D2BB269134FEAFDE705C62925298303DEC7A6D6ABDFD4012C0BB9EF11634F0C5
                                                                                                                                                                      SHA-512:AAFAB6BA64EF9E9339273CFEA1E72D186180409921AC0A28C08FD97E7D97CD364C3583CE4D5CC25A03AB7CBC51EBFDA1BCBFC8A93C394F2FBE60C033530099B2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ............*.).2o.iy......*.).2o.iy.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............q{w....TG.........N...^................X._.A.4A.{.|.........f........................................I.qk..B.....LZ..............q{w....TG...............q{w....TG.............................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):136726
                                                                                                                                                                      Entropy (8bit):7.973487854173386
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:SIXmy5Tl704vW2ZKkvV8UU0ZWUF0BJwySIdgz816YzDc1+opecYPn:Sny5Tl704fZFV8UU6LGXwyS4xohpQPn
                                                                                                                                                                      MD5:4A2472AC2A9434E35701362D1C56EDDF
                                                                                                                                                                      SHA1:16FA2EA2D2808D75445896E03B67A93000EEDDD8
                                                                                                                                                                      SHA-256:505F731CB7707EFAB2EB06685B392DC7E59265A40B55AAE43E5DC15C0A86CBA4
                                                                                                                                                                      SHA-512:5E28D8FB2AC62ED270968072A30013334461F7CAE96058AF9EAA6E10912989DC47112D2133892BF61F7A516B77C6FF71BA2A000B750A9F95C787E538B09595C2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQaq".....2B....R#..b3...r...C$...X.....Sc...9.%'.(Hs4Dgw..T..5GW.x.)......................!.1..AQa"2.q.......B..#c........b6.Rr.3s$.&..S...C4.%5............?.........(......(......(......(......(......(......(......(.G/.GE&...)..P.x..B.({i2Y;.z?G...Yfc.)H..^....#.....}3..Sc^.H..+...M.a.P.....GS.....H_.3..<....1f........1.<.\..nn-..s.s.\9Y....=.......S.0.......N..cA..Io..r.3..........ay.....K.....,.;9..Q......xO.Fa.2..>........{4k.....|....?U....3.8..._/3....#.. t.y......yY.......e.<........#.....B.....Z.%.Y..S.ye.W4...l.......X...%.@y}>....l.yi..D..W......L..._D.Q....)...E....n.%...*..K.4#.8`..I....h..h.o..I......-...hB...3..u.(5..........n...,.@....a.t.9.....@.s.>.&...@
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.326008630488347
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:lzQssceslPnThLcutw/0uxEKHLR9Xxp39qUowCrdQqrqYm0BX+lIP4ZksJ4mp:lzQsiOLcuGZxEKHnXxh9qUYRQyZIr5
                                                                                                                                                                      MD5:114ECFDA47706EE4A0B9FDA83F7DD6A5
                                                                                                                                                                      SHA1:251566F823A359EE3F07098BE6A89B264B27362C
                                                                                                                                                                      SHA-256:2A38491797F332F716477B84CAA4300C21A39E39EDEA413B22F647D55AE41C1A
                                                                                                                                                                      SHA-512:263C81B37F99E65FABFFB3C0F06B16F771D2E6FB9B5AFD052851E0E75B723D036403B9D0D64C2B953ED57A896E32FDA13B4D4ACD91D97D9C5A3ADD4B3EE23690
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.qT......qTZ.P....<.2...qTZ.P....<.2...qT..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'............. X....+.2..q.x.....N...^...............BL..a.=I....O..........f........................................I.qk..B.....LZ............ X....+.2..q.x......... X....+.2..q.x...........qT......qT......qT..........................................qTj.....qTT.]...qT......qT..B...qTH.....qT..B...qT..>.).qT..J...................;........4...4...4.."...............qT..qT..qT..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........qT......qT....#.qT............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 77 x 627, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5136
                                                                                                                                                                      Entropy (8bit):7.622045262603241
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:djzuNKb3XHco17p2wolIxIx7lpskdsC/ddWNKeabJbMojpxLDTu1:VzuNKb397pwlIxKp7qs3bJb5FBTw
                                                                                                                                                                      MD5:FA38AFA965141EA3F17863EE8DCCDE61
                                                                                                                                                                      SHA1:2B4611E651AF7549C1AA73932B1136B561A7602F
                                                                                                                                                                      SHA-256:E1CB1A0EC9BE62D5445C73AA84DF38234002A7E164EE830C9DF24997802CB5D2
                                                                                                                                                                      SHA-512:A372674F5CA343321BA9C413D346070709F7685706C9C6C3DC7F61846B59253A5E6FE800DBA10AE870FD3887439B2AA106FBBB51751E92A163938A4393C43E28
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...M...s.....}8nv....PLTE.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................z`.....tRNS...................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.414558185673008
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:psKDN0wYDaYSqJaS9sEZXd9Y9WUYRQy/OqOUVNTYQXMD:psKDN0w6aYSqJ97ZXd29WUYRJ/JnVNTV
                                                                                                                                                                      MD5:EE14FAD701178B1FEAEB891767E27D33
                                                                                                                                                                      SHA1:39D97AE1F9C5B0D6983037291526AD9C69493D60
                                                                                                                                                                      SHA-256:456F63ED99EF8BF9EB6D1B12FA0CCC3896D5AB1901333C7F73C1F9C3BE5B677D
                                                                                                                                                                      SHA-512:9F1502D36FF2CB2AA7C32B6DCFE7B61367DFE5906488D1B238FC12E6520EC81F48F6421901938924398DD53C6153774DCA3BF9BA95FC1B2F13F752733ED43BB2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......h...v...\...................................................................................................................................2...>...D.......v................................I.......I.qk..B.....LZ............ ......-.j=..... ......-.j=......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................>W.F.*.:....|....N...^.................S..!M..-=..C*........f........................................I.qk..B.....LZ...............>W.F.*.:....|...........>W.F.*.:....|........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):52945
                                                                                                                                                                      Entropy (8bit):7.6490972666456765
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                                                      MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                                                      SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                                                      SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                                                      SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.443439984221025
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:zWKprsSqWQ/6+zg5i+t4vgEbLoXXYX79Wd3FrdqrbWbBXoM2s6+0BkD+06XB:rprsSa/oi+REbLX79Wd1Rys5z/Ij06X
                                                                                                                                                                      MD5:FE6185C423613626066FE79234D86A87
                                                                                                                                                                      SHA1:0E7C2E7419BA550680973C1764AFE9F39160AEBF
                                                                                                                                                                      SHA-256:D3E81F3A4DC5A675AA43CFBB57425BC1F264B0DB64F42353080A1DDE88ECC2D7
                                                                                                                                                                      SHA-512:A85C5D247C751A1D1E3708D6A36C7E5E47EED8764B36BD4163AAD66F8D7ED67D451CE2D9F6E13F80A056CFC0AB50951AED110B0DFFE6DA484F7FAD35E8424D47
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......h...v...\...................................................................................................................................2...>...D.......v................................I.......I.qk..B.....LZ.........$..;$' G(Yh...$..;$' G(Yh...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............$.....m....S........N...^...................+..B.DQw..+.........f........................................I.qk..B.....LZ............$.....m....S............$.....m....S....................................................................j.....T.]...........B...H.......B.....>.)...J...................;........4...4...4..".....................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4....................#.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):79656
                                                                                                                                                                      Entropy (8bit):7.966459570826366
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:2kuUliOeU4os8ii3nF3Hxro/qxXD9u/kjYgMZqoEs6ZUldm:3uUsOXYIAixR2k7WAZV
                                                                                                                                                                      MD5:39FF3ACAE544EAC172B1269F825B9E9F
                                                                                                                                                                      SHA1:2D40DE8D90BD21D56314D3F99CEF4FBAE3712C0F
                                                                                                                                                                      SHA-256:70475431CCA3C91A4EFA3B8F04864371D2D3A45696674A1A0562FE9CD8DB287C
                                                                                                                                                                      SHA-512:3B9F3B32696AB7779864E83DC0C45960114A130BEE0CF4D0643DE57FF952171E5D775AA49141EE31A28A9B5D052B26EB421F26EA736D7EF4B3A7EC812CA411CB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1A.Qa"..q.....2#..BRb..r3$.Cc..Ss.4...D%5&..T...'7....................!1.A..Q.aq..."2.....B3.r.#..R...bc$4..D.s%............?..Y..T.o.\......=.a..j..'^..s..[../........Y.......<...(..4.....7y..Ln.[9.cK.ilN...u@$.V.9.V?3..s.KL.z..w.jW.C.............@.~+.o?o8...k....,.m..9.".....q.....d....z.W...q...~...'..e..>..f#...S.....F....pU.......7..N.vfK......S..G.#.....}.c.........RXt.bq1.`.....[+8\.*.N..:......}.....r..........')......Na...&...m......c...a4_%d.............co..0.n.L.Q..E.Lt..y.|..F..4.i(>.._..\.eNL8..?z9I:hLgC.@.p....g.t......'.I!d..?1f..R..........|..4.wJ*..%g..~0bt.....*...v.......O...:.~.>~..o.x...9.@>...s.&.E.0/G.c..t.<..F.t.A.z. ......;.........Gp.P
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.475399570787079
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:AshIyudKgf/Eh+tzG6EWn/ql5XMf9zs5koFrdqr2pUfVcrRXGOuBuIbgHu7p97XJ:AsOEh+XEtXMf9zQk8Ry2BrIr
                                                                                                                                                                      MD5:24AC1A266EF2F16356AD05F2957D05C0
                                                                                                                                                                      SHA1:AC9A5ADAC67BA357C8148E9C5197BBE4C8751B27
                                                                                                                                                                      SHA-256:0B9DD27986F2A920011DA907C1D043DB5FE4F299BA9AD4741F1373FBC3B11763
                                                                                                                                                                      SHA-512:93AAA2B73CF9379D49DD6688CAEF17539BDB66AE85273A08855059F35D0366F109DAA54EC755DB3F20622231A2AE8867715ACF9801ABE13158DC69E97BC828E0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......p...v...d.....................................................?....?........................................................................2...>...L.......v................................I.......I.qk..B.....LZ..3.......3(t9..=..NK...3(t9..=..NK...3..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............Z9.W7.8.~...2C....N...^...............@.j....H..(pX..........f................................... ....I.qk..B.....LZ..............Z9.W7.8.~...2C..........Z9.W7.8.~...2C...........3.......3.......3...........................................3j......3T.]....3.......3..B....3H......3..B....3..>.)..3..J...................;........4...4...4.."................3...3...3..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4...........3.......3....#..3............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):40884
                                                                                                                                                                      Entropy (8bit):7.545929039957292
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                                                                                                                                      MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                                                                                                                                      SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                                                                                                                                      SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                                                                                                                                      SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.353233182943277
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:Ylsm6WxsIEd+PXfI93mwRy06Q7ApNQF76pNATk:2smFxSgPXfI93mwRy06GAnQF76n4k
                                                                                                                                                                      MD5:60262D96B59D18C5A8E9E7C9B445C9EA
                                                                                                                                                                      SHA1:20A921D6B018F0BEB73F07BCFD718D1BE86FE904
                                                                                                                                                                      SHA-256:68404256B71A7ADD9B083FF19EAF87B9E371986F2B0EB13047078F1BEDE2FEAC
                                                                                                                                                                      SHA-512:35530FBAC09DDC203562458A33F344D05747D867BA73861632FB3C7A03D200E853D217D2E41ABAE1EEBD43BA100C08ABA66A8E913A38EA6258C5B01FEAEE6C9C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ.[......[B....)..i`.(@.[B....)..i`.(@.[..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............QrZQ.)5...b2S.e.....N...^.................OT+Y.O....$.R`........f........................................I.qk..B.....LZ............QrZQ.)5...b2S.e.........QrZQ.)5...b2S.e...........[......[......[..........................................[j.....[T.]...[......[..B...[H.....[..B...[..>.).[..J...................;........4...4...4.."...............[..[..[..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4..........[......[....#.[............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):68633
                                                                                                                                                                      Entropy (8bit):7.709776384921022
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                                                                                                                                      MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                                                                                                                                      SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                                                                                                                                      SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                                                                                                                                      SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.445524078700225
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:5HyscebXmEg38BmXhXY9DQsRyIA8ieFU:5HyscebTg3UmXhXY9DQsRyIR
                                                                                                                                                                      MD5:BDA547C724E6F3231322B868F781294C
                                                                                                                                                                      SHA1:6C48B8374F3A392E68660B8E60F640CF863D03D5
                                                                                                                                                                      SHA-256:CBAB898DC2708B0DE29D7AD74E4670DCEDC208C34156317635E950CEE29BC4FD
                                                                                                                                                                      SHA-512:BA890979B19408F5983C75C0EC369A7E72040AE845D6195EE554C436B24FF54ACA618211C99C9E47AE896C3B83914FCD240528FBCDDE0BD28225238B3CD18A13
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......t...v...h...................................................................................................................................2...>...P.......v................................I.......I.qk..B.....LZWRl.....WRl.w...a.:.]eWRl.w...a.:.]eWRl..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............Z:..#{4.7k ..C....N...^.....................A.)..e..n........f...................................$....I.qk..B.....LZ............Z:..#{4.7k ..C........Z:..#{4.7k ..C.........WRl.....WRl.....WRl.........................................WRlj....WRlT.]..WRl.....WRl..B..WRlH....WRl..B..WRl..>.)WRl..J...................;........4...4...4.."..............WRl.WRl.WRl..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4.........WRl.....WRl....#WRl............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 176 x 513, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):11043
                                                                                                                                                                      Entropy (8bit):7.96811228801767
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:YyroOCsBI9pkCFsHHX2RE6VOlPuIqmBtJNBfAr+ADP1IATaNeTyZ4GF+WQQ6Qwq2:BUOCsB2kCGH32RiPDtDBfArPDP1I/eyM
                                                                                                                                                                      MD5:8E9AB9C28B155A66BC5C0DA5E2A4EFB5
                                                                                                                                                                      SHA1:972E61F162D48F1CEE21963ECBB2FE439105DB55
                                                                                                                                                                      SHA-256:B243A24FA13BC8523450E22F408F9EFF15301C938F8CA52A57018B58CE6785DE
                                                                                                                                                                      SHA-512:12062D69E676B3B34AFCEF25AC17B40294282D5BAB6C0110680293D7CC96EC17EBCFE104C284E64A30EE3C483E319E9C37C03F6EE82C79632180E45C7A684E8C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR..............`....`PLTE............................................................................................... .......bKGD....H....cmPPJCmp0712....H.s...*YIDATx^.]...,.N.8.i......0..e..y.......8.6....Fo.........=...F..._..........O..{..............3.|.L.|.............>.....v..n.1J...k...."....7........J._.5LQ`..k...._Z.W.x:..k...g..._.....u<.Q{...1...q6.cs...l............30.g...< W...a.5..>O....9}..c..........s|I.).>.fo4.<q......>...c.:.u..co.#.7,.O..G./.K.|..q.p...(.(....iH.......m..+.7...../..{W.l....b....?.`^.q.9L&.>.hN2`1..m...]$.0J....rBy......{.._...G....;.r.Q..;..,...9..F...t;.+..2.Ub......V...8.k..5.........'[..s.H..).......%j._.&.....BN..V..q...T...#..........0.E&.o7....$..m..8g.f._$..k.8...5......HgQ...L..\.........)B.I.r.(..8.a..$N.9.=..o..Q..(.e.a..O.....c.= .......$0..X.S,..(p......$..l.c.I...=."......g....^..#~,&.a9iK..ZNE`...pFJ.@Wd?.<..Bt.E.......e...i.%d...}.!..B......9.........B}.....5...;..hL.D.....4z.....|.)
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.3390629532227845
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:SCcshtXRdwogX2AoEQ8BXiNB9TOkRyWSXxywf9:SCcshtX0oW2SQ4Xiz9TOkRyWSXxywf
                                                                                                                                                                      MD5:25B2A7A95B991005CEA67AA0BA364A92
                                                                                                                                                                      SHA1:5212936CB57333B3CC396CA48ABAF4BC48EB1629
                                                                                                                                                                      SHA-256:85ABD00F3CF0AEFDF286450B6B1FFDD4517D272355A71AA419D52A4ECA5CF555
                                                                                                                                                                      SHA-512:1EF030EC181853F91020D16BE275E5E2C4EB8BA612D9D66E0D50344D8014299F8D848C2D2712B19BE689927ED07160423E79978DDB83272A7D43A4DA89913773
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z......................................Gy...4."fhF.@.I.......I.qk..B.....LZ...Gy...4."fhF.@.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............[.z...............N...^...............".J....J...H 1..........f........................................I.qk..B.....LZ............[.z...................[.z...................................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 40 x 650, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):647
                                                                                                                                                                      Entropy (8bit):6.854433034679255
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:6v/71rwqZMXVs99W1YvpLp/Fvl+f43ocLtuplb+CrGotLRd:+wqWXVs99rpLpNvr3pIx3b
                                                                                                                                                                      MD5:DD876AA103BEC3AC83C769D768AD39FB
                                                                                                                                                                      SHA1:1833603AA9B6A7E53F9AD8A336F96CCE33088234
                                                                                                                                                                      SHA-256:1262DD23AD54E935CFA10FEB1BE56648E43BEF1116696CA71D87E6E033B1CA7D
                                                                                                                                                                      SHA-512:946DB2277213104A3B29EC4388578B05027B974A3093B4CCAD8847397AA51AE308BC6A199E5705E1F901D6E4B1BA34D8DECFD6E5B6685184A307D749D7CFAEDD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...(.........xk....`PLTE.........................................................................................>.S.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.)..1..7w....6.*.H`T6.ha.k.............b!....Ba..C..P.4K..@.....h.E..X....PX+.P.-.....@@"...o.O4....xZ<...B...B..,A..y.s<......b!....Ba..C..0_p. .......=..,...i. ...=.j..N...........{4+...xZ<...B....|.....$.K<.vyE..X....PX+.P.-.:... .'p......\,...i. ...=.j........K.....%J..S+.....q..k.H.@DD.s...:..J.K.DDL.\.@`,.DD.:.(]..N....KD....A M.....F..S+.....1.sq........\.t..;..../...~k...4.DD.:..]..N....KD........@DD.s...:..J.K..[...Q....V......IEND.B`.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.334455988625006
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:ys82jL0NLttMEL5EjFLQcXumD97mo9rdqrKX+iXtYRXlDHskArshg:yskNLtKgEjF8cXumD97msRyK99YnwM
                                                                                                                                                                      MD5:D6FF57C0D94843593D20C8163BEE7EFB
                                                                                                                                                                      SHA1:908BC788790DED796941B968813D58E0AD10D477
                                                                                                                                                                      SHA-256:BBB57E5A83DED41B7A6B8803502EF0859CCAD194642732FCBFEA0A8FDFBC75F5
                                                                                                                                                                      SHA-512:02016DE2B8F98D8BC21399D62C756A838C2AE1B0487128DF6AEB7E1F49F0B2792C8D66CDD8899A43AF401C883DA804B09258098ACB7655193AD17BD6DAAB829F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|.......................................]...:...H."L.I.......I.qk..B.....LZ....]...:...H."L.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................v..%...jpae....N...^...............'Ue$..F..F..7..........f........................................I.qk..B.....LZ................v..%...jpae............v..%...jpae........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):52912
                                                                                                                                                                      Entropy (8bit):7.679147474806877
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:DB/nIviNJD9C8kfJj6TkVr4q24FsUpjPc021si:DdnIvi3D9C8Cl6Dq24ayPCz
                                                                                                                                                                      MD5:1122BF4C2A42B4FA7F29D3C94954A7C9
                                                                                                                                                                      SHA1:3750077A830FE21735A43ABD35C63BA9A4D4B0DE
                                                                                                                                                                      SHA-256:423B0DD1A93B391D15B1DC8D8757C3BF5725FF2E7A59E6E3140033E2876B67F6
                                                                                                                                                                      SHA-512:4626EFE2EDED2361D6296B57F994DC434CC9D02357A8A6A67D84A544FB8A1CFE0005EA98F846AB963BED7F2B6CE96BC9181182C9459843A52A98D3A731A4FE73
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:27:10............................f.........................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....]+\.9.9.P.d..Z.?~>.-...]6=....*.......S.9G...b<$..Z..........>.v.o:.o%.e...z.F`...[.wo..z.....k..E...5....G..7.......c2..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.325836067463785
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:qsiLSFRdEk4XqA19zesRyJKtOsjvzOAqZ:qs9Fck4Xj9zesRyIj
                                                                                                                                                                      MD5:C5F2CD5DD7DDC263DA8E30C86FF78D61
                                                                                                                                                                      SHA1:9C359A7FE5137192D26BC1EA17C2637D8F194A7F
                                                                                                                                                                      SHA-256:0457700D991F794E7971691A9318BEFFC5E8B1A68AF315146B7B67BF1DA5E261
                                                                                                                                                                      SHA-512:2864DA50945D2BBCBCEC8E0DB8402EF2AF29F6BBA15BA22A82A3729A789813940FC131A3A5D029F984EB20EC5C6D58012128D0D5D8002192788A669BA3EA66B6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.1.......1.W..y...& g....1.W..y...& g....1...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.......................'..v......N...^..................h..L.Wsn...)........f........................................I.qk..B.....LZ......................'..v....................'..v............1.......1.......1...........................................1.j.....1.T.]...1.......1...B...1.H.....1...B...1...>.).1...J...................;........4...4...4.."...............1...1...1...z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4..........1.......1.....#.1.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):27862
                                                                                                                                                                      Entropy (8bit):7.238903610770013
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                                                      MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                                                      SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                                                      SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                                                      SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.5076581368834985
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:OsnqgsojvvE5rKBXZB9rUyZRyp9zSsr4DNV:Osnqgsojk5GBXZB9rUARyp9esr4DN
                                                                                                                                                                      MD5:0793D9D827569EBE5D5799EBE3528288
                                                                                                                                                                      SHA1:756B69C24E9E521F0FE04624637838CAFD067B7E
                                                                                                                                                                      SHA-256:9D3DE7A8CADD8575ECFDC45B693FA3A355753AB67FE650D3E3142F675B848994
                                                                                                                                                                      SHA-512:5F8F4CEEB25CE1269F01501C3113C672A88EC732FE0EA7CAFCEF1CC605EBC2FFB6A584581EED2B83E23C3ADA992A6618CE48C9C4BE20E307B5B1743A039A76C0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......r...v...f...................................................................................................................................2...>...N.......v................................I.......I.qk..B.....LZ.9s......9sA....8J#+....9sA....8J#+....9s..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............e....H......w......N...^...............DE...O...G............f..................................."....I.qk..B.....LZ.............e....H......w...........e....H......w............9s......9s......9s..........................................9sj.....9sT.]...9s......9s..B...9sH.....9s..B...9s..>.).9s..J...................;........4...4...4.."...............9s..9s..9s..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4..........9s......9s....#.9s............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 50 x 556, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):977
                                                                                                                                                                      Entropy (8bit):7.231269197132181
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:6v/7QiFJaY/z+obuqFA4fypjQSbtBK+lcqNGSbb7XTJArRRzN5DjNRkPmu5cCbR2:x0QY7xbjy9pY0JPXLTWroeuCCbX0
                                                                                                                                                                      MD5:B7F74C18002A81A578A4EE60C407A8D3
                                                                                                                                                                      SHA1:70A7D4BB1B3ADF4397D168AD0D81B286F88EBDE0
                                                                                                                                                                      SHA-256:95F59A0433050180D4C0E8858B83363D51BEA6752A8B7CA516A8677854D8F5B6
                                                                                                                                                                      SHA-512:13186A7CDCE80BCA9D2238666D6D7A989FA1887EABFA5D8A9A63EEC304DFD4BE8EFF652205FA56E1D1CEE7D3680AF8C70A952AF73AB3C246400E8D4EBECBDBA9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...2...,........A....PLTE...................................................................................................................................................................................$.y.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^...0.D_.......cck.....%a...X.a0Y...-..!.G...[....(.r.H.$...1 .zq.4V.e|a.6.X..4..kl.%....=w....6..TN.....{.4..T/.z...../.....3..!~..t.#b..^.....E!.SFb ...-.....^...,..C.!.b...i._c...s.X.w.. lsQH..H.gKc@@...i. ....m...;Ci....@G.; V{..lO..\.R9e$..{.....P...E.+.2.0D.B,..P...56.?......K.6..TN....^z.4..T/.z...../.....3..!~..t.]b........E!.SFb ...-.....^...,..C.!.b...i._c..Y.O...?.9k2.M.?5 .n.P...,...d._..%M?....6....,.1..R.4.a.R.+..U.Q..P...vd..T........j .]@....."..lJ../.90.4...Y. ...9.%...{......Hc%.....i..%M?aG..H....o.q.......4.......X.d9.r..CI.O.5.Ri0?.s\b....w...>/k..4V.)Y....P...vd..T........j .]@....."..lJ../.90..2..MP..l..?....K.X.....IEND.B`.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.314435041046447
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:MBsUiUltZkb+QHXtMf6E3VpLrWXkHR9fhJoLlrdqruTRXi9a9ECF:MBsknZDAX2SE3TGXkHR9fhJ4RyI/
                                                                                                                                                                      MD5:C99A3565493D9612842E592B93E0021F
                                                                                                                                                                      SHA1:D29826D7CA0E6A0F4F9694E67D78DB45493FC5EA
                                                                                                                                                                      SHA-256:124423609B52749DA4D5AA90D71BA19856D748F4D29B804CC2E0641847D5D08D
                                                                                                                                                                      SHA-512:8D22C42DCA93D58B13BC9BB2C53EDCFEF29217370E8536A57A155C371DEB61D829E0715776A91058992802414B007164A8028D405E182F5CAEF55FF844A4CF16
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.-;......-;..}.....V.6.1.-;..}.....V.6.1.-;..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................g.....*\."......N...^...............A...'.G..3.V..h........f........................................I.qk..B.....LZ................g.....*\."..............g.....*\."............-;......-;......-;..........................................-;j.....-;T.]...-;......-;..B...-;H.....-;..B...-;..>.).-;..J...................;........4...4...4.."...............-;..-;..-;..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4..........-;......-;....#.-;............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):34299
                                                                                                                                                                      Entropy (8bit):7.247541176493898
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:BrSX4V3P8AIc4KLkHeXRUer0zrhOmXfvG0yH82I:tSXuIc4K2eBtswKsHg
                                                                                                                                                                      MD5:E9C52A7381075E4EBC59296F96C79399
                                                                                                                                                                      SHA1:BE295AD24D46E2420D7163642B658BF3234A27EA
                                                                                                                                                                      SHA-256:D56CEFE9EE2FAE72E31BDBA7DD2AA4426EA22E3CEB22EF68C8F63F9F24D5A8BC
                                                                                                                                                                      SHA-512:95CC96DD4459EBAE623176033BA204CCDC50681A768F8CBAE94C16927D140224E49D5197CAE669C83C77010C5C04C1346CF126BEF49DB686F636C5480342A77F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.......................................................................................!.1..A..Qaq......".#4.2r3.$.%...B.5U&6....Rb.Cs.7..cDTEFVf'...S..dtevw.u.........Gg.....................!1..AQ.aq.2....."#3.4....r..BRb$CS.D............?..5..............#....v.q.m.}\..{....;...r....h.....J..q|..'.;\..6..v......e...../.k..|.8..i..|..]..3e.m....n..Z.GS..n".y..w.-...[a...7A.....i.4.)9\..~C...=.........s..\V]c.D1<./.g.l.&v..~.h..]....zb>G..y:vNS.\......LU....t.{*..Z#.?..v-...wn.rR...P.....y\=.v....../..9_...m4...V.|.+.o.#.......xj....}..>.s.>C...m.[;.>.p...=^.i.X.(..1...{.F#N.W...xi.z...4..u[{...yO.....8..}\..2...KlX.nbya...2.&.F...R.b.k.7.GV.x.h.y\.Q..O<\>......-...=...r......\......Z.Z...Jf.'....z..Y.q>.p....o..K....h..R..c.lg?......A.Z...Y.q3.L|.'5...
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.351096848142344
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:asZY/8DEyFYX4a9Da7kRyBMBTVAGBGLM:asm/zkYXH9Da7kRyBMBTVAGBEM
                                                                                                                                                                      MD5:3D6C54A559D7CB1C0DA7EA1E1C701E6B
                                                                                                                                                                      SHA1:08D480D26CEED5358356AB7493418F0C78EFEB6D
                                                                                                                                                                      SHA-256:1749A3A3E0F31026EB850E5E156485FE34B9F2C31DF6F7F1FFFC012F83EB44FC
                                                                                                                                                                      SHA-512:5F78C0EF5BBA9DD9D7C78F9B4EB3E5745E6FB6C6C592FD39B813AB4BFBF3CB5A0F9BCA14066A458978ECE468B353134ED99C3499B00B5B0E78F3A9BA7D0CCDC3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ............@;.7..2y.0Y....@;.7..2y.0Y.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............$......?z|..!O%....N...^................Z1[..H.>..w..........f........................................I.qk..B.....LZ............$......?z|..!O%........$......?z|..!O%........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 171 x 552, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):10056
                                                                                                                                                                      Entropy (8bit):7.956064700093514
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:edmu1fpj5DVHuooK4EpGLbAdT+dBXYBR8D1V2p6KwoPR6KUX9ojwRpgA:2Pp/B4LbAF+dBo/1E3S6JScpgA
                                                                                                                                                                      MD5:E1B57A8851177DD25DC05B50B904656A
                                                                                                                                                                      SHA1:96D2E31A325322F2720722973814D2CAED23D546
                                                                                                                                                                      SHA-256:2035407A0540E1C4F7934DB08BA4ADD750FCB9A62863DDD9553E7871C81A99E3
                                                                                                                                                                      SHA-512:BC7DC1201884E6DAFDC1F9D8E32656BFAEE0BB4905835E09B65299FE2D7C064B27EAA10B531F9BECF970C986E89A5FD8A0B83F508BBA34EB4E38B3F7F5FC623A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR.......(.....!..t....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................4.....bKGD....H....cmPPJCmp0712....H.s...#.IDATx^.w`......$..B....... ....fz5..6`l\.8...Nsz{.//y./....{.7}g.....e.....~.......s...f.....%c...6....O.PJ...Y.oi...9..'j.2..6.-
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.33259133145375
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:CIssLNCtwd4I3qtmMpoEXh2aLg6cX/X6c9OqxxotrdqrQ7bi2GARX+AIV9YZn5IV:is8wOMq2EfHcXyc9Oq3MRyQ1tS
                                                                                                                                                                      MD5:A8E8878F1EE950F38CB9942ACB629A0B
                                                                                                                                                                      SHA1:8B3AC2705888B46DB4173C538BABA052A40BC18F
                                                                                                                                                                      SHA-256:C5C1E62DABDF1BB93FBED6D87056A4B24A7A33B33F390CF0504638438969139B
                                                                                                                                                                      SHA-512:682A51D98815846AD247FC41E4D1F4168346E75AA1B3EFBCFDBB3A74CFF2BA967F3566E8DFD00F7279746D0409C4D880B6C1029D1C9DEE0C3DDEB82100AAE57F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ/Nm...../Nm..[..!Hv7.R../Nm..[..!Hv7.R../Nm..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............Di..P.. .ZK3.......N...^...............]|"%...E.?a...'e........f........................................I.qk..B.....LZ.............Di..P.. .ZK3............Di..P.. .ZK3............/Nm...../Nm...../Nm........................................./Nmj..../NmT.]../Nm...../Nm..B../NmH..../Nm..B../Nm..>.)/Nm..J...................;........4...4...4.."............../Nm./Nm./Nm..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4........./Nm...../Nm....#/Nm............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):84097
                                                                                                                                                                      Entropy (8bit):7.78862495530604
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:cgHTEuD99rHwA5MSadIV2MApVmfJkAKOQ/Z1I7ngpDDyHfKFVITrU:HHjXidIhApV88/jIEmrU
                                                                                                                                                                      MD5:37EED97290E8ECB46A576C84F0810568
                                                                                                                                                                      SHA1:18D9FACB4CFA3CBF63B882CABCF30B203EDF4126
                                                                                                                                                                      SHA-256:140DD943D0F0CFE6AAA98470B7D1A7CB62CA02CB1D8F522DD2AC77433232EF41
                                                                                                                                                                      SHA-512:E0F57314C136211B8253EB2AC0093DED82198E7170D4F97C40D82FD4EC4123D2AAFE3EB4EBC3E7523C4DF4D77619408773871BDE15B6DC6C4049C71D5B9D4222
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....hExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:11:38.............................A.......................................................&.(.................................2.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................z.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....b.xH......T..I...S.q.~..../s.R.x.....8.a..vE.5...-.G.A.4...._......$K..d.@NC.q....J.....>e".I.%...I0).R.I$........M3.F .
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.337468729780741
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:LsJS48La038nt1j2EMxOpXB+Mp9/roBf7rdqrRrG0RXGjRt8xHxHJh:LsoRL138nXKERpXBbp9/rC7RyhRmsJ
                                                                                                                                                                      MD5:C3B138858E29343A9BF66C4DD448EB7F
                                                                                                                                                                      SHA1:D51FA1F72D07D29765DC7B441220D99562D6E62C
                                                                                                                                                                      SHA-256:9CDD2BA7D76BDB23A2721E95BFF94390B5E90C5F1F6AB526137ED586B06DEE77
                                                                                                                                                                      SHA-512:4C7531CFB2E3F8A154A52874E6954459CEB326F96BED1760AD8A6C4079FC683899D98E1D8D28BF1E722A5381A1C9904BA796C2B82598BDFB870F8457C2C17469
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......L...v...@...................................................................................................................................2...>...(.......v...t............................I.......I.qk..B.....LZ.m.......m....q..8.%v...m....q..8.%v...m...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............y...2..+.<SO......N...^.................MZT.zG...j...........f........................................I.qk..B.....LZ.............y...2..+.<SO...........y...2..+.<SO............m.......m.......m...........................................m.j.....m.T.]...m.......m...B...m.H.....m...B...m...>.).m...J...................;........4...4...4.."...............m...m...m...z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4..........m.......m.....#.m.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):64118
                                                                                                                                                                      Entropy (8bit):7.742974333356952
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:ORG4azGOKXzkEmR4bdRSbxONOoz0khbSb4J/5GZK5SWUlRwUYdv1M:ZXzGXzJdhRmgHfIb4J/5GZK5SWUldYdq
                                                                                                                                                                      MD5:864EEA0336F8628AE4A1ED46D4406807
                                                                                                                                                                      SHA1:CFCD7A751DFDBE52A20C03EE0C60FDFFA7A45B93
                                                                                                                                                                      SHA-256:7CE10D1EA660D2F9CF8B704F3FAB2966A4CE2627D9858D32C75D857095012098
                                                                                                                                                                      SHA-512:0CAA0C54C14571C279A75F0D5922F78A17803CF6EE1724D66819F7F5944C0F5B25CB586BB686A52808CDF2F8FEB3E4864052A914884054EF7DE44124A8CA951E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:26:15.....................................................................................(.....................&...........s.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................#.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....NC+n....<.=.7..&.8A56..@^.Q..\\...E.>..".&G.......J .'....$.I)........0.../..mv...D....<v0=..ugc+..l.o...=.c.......x.&D..{`8...v
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.331786003839153
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:asnTES6fttgEpOXz9/1oFrdqrvCtk5CjRXIkcRjRfZ7:asL6fYEUXz9/1ERyvvC/QfZ
                                                                                                                                                                      MD5:1EE1123AA83CA5F376DDCA1FF235DA95
                                                                                                                                                                      SHA1:CC687D3436BFF454FA86740D3FF79DDEEC5E7BB9
                                                                                                                                                                      SHA-256:CC4BBD8E7A98AA8DB1339EEE592A6742AE5E22AD0AA19938BEC9D28400337C6E
                                                                                                                                                                      SHA-512:04A12ED4005916156C1ED5BD036F1938B49512FEB9C2450263914071EDFEF750134BF3F44ADBEE636BB23B593864F866AC8FEBBAD8261422F3E81C77BC21D2ED
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ]h......]h.......L*]]...]h.......L*]]...]h...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............dV.|K..25._.0.....N...^................}.....L.%.....s........f........................................I.qk..B.....LZ.............dV.|K..25._.0..........dV.|K..25._.0..........]h......]h......]h..........................................]h.j....]h.T.]..]h......]h...B..]h.H....]h...B..]h...>.)]h...J...................;........4...4...4.."..............]h..]h..]h...z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4.........]h......]h.....#]h.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65998
                                                                                                                                                                      Entropy (8bit):7.671031449942883
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:klZtmExaFrtWgpc+Sg+DKeplHClpHfRtPMbe:VEWWl+SNDKqlH8p/vse
                                                                                                                                                                      MD5:B4F0A040890EE6F61EF8D9E094893C9C
                                                                                                                                                                      SHA1:303BCBA1D777B03BFD99CC01A48E0BB493C93E04
                                                                                                                                                                      SHA-256:1F81DDE3B42F23F0666D92EBF14D62893B31B39D72C07AEE070EAE28C2E6980E
                                                                                                                                                                      SHA-512:8F07E4D519F2FD001006BB34F7F8274B9AF9EC55367B88D41D24E5824FCE4354FD1290CE4735E43930829702ED53F41DF02C673904A7091E9354C28E029AD4EF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:09:29.............................a.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..-O..s(...gO..@...[..+....+...H.'m........L.......@.......[k...S..O..p.'{X..3......]W..w.+.V....[.-.....2..i..i$.p.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                      Entropy (8bit):3.2383123129116687
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:OsqfvY6lPWm+WEc8qwOXu7O9XqsqdjSNR0TqlFA:OsqfvY6lPWjcaOXu7O9XqnuNR0iF
                                                                                                                                                                      MD5:52544AC50492275FBE71AC10AF69FCB2
                                                                                                                                                                      SHA1:DDE79FECD596E16BD1925753ABE2E7304E5C7BD2
                                                                                                                                                                      SHA-256:01F0140265FDA185C0D2ADF1A9D8C9AF5081B9264F76039AA9ED622CFBDAAD92
                                                                                                                                                                      SHA-512:97034908C98F9479BF1790466CD8C1355649E24AB072FA38A7B3A932F6F6BBA13215D1330E5722FC822C7A5358CB56D1201A6BD4D760A14E2C31748AD4075026
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v.......................................................................................................................................2...>...j.......v................................I.......I.qk..B.....LZ..4.......4.>.%..N.Z..AY..4.>.%..N.Z..AY..4..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............$..`[D.....[.+\.....N...^................d....iK...`cj,k........&...................................>....I.qk..B.....LZ............$..`[D.....[.+\.........$..`[D.....[.+\............4.......4.......4...........................................4j......4T.a....4.......4..D....4H......4..N....4..?.#..4..9...................;........4...4...4.."................4...4...4..z...y.. x.. ...........$........4...*..7*..7...........Op.b..F.$..i.................;........4...4...4...........4.......4....#..4............................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32656
                                                                                                                                                                      Entropy (8bit):3.9517299510231485
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                      MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                      SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                      SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                      SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12824
                                                                                                                                                                      Entropy (8bit):7.974776104184905
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                      MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                      SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                      SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                      SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32656
                                                                                                                                                                      Entropy (8bit):3.9517299510231485
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                      MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                      SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                      SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                      SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12824
                                                                                                                                                                      Entropy (8bit):7.974776104184905
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                      MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                      SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                      SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                      SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32656
                                                                                                                                                                      Entropy (8bit):3.9517299510231485
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                      MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                      SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                      SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                      SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12824
                                                                                                                                                                      Entropy (8bit):7.974776104184905
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                      MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                      SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                      SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                      SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.332883665714079
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YuSsYxfYQQUTtejEya79XR9j5jdBrd3rD5x/RXT9DtJ:YdssQUTiEyaxXR9j5rRbPh
                                                                                                                                                                      MD5:01C7A176DAAEABFE90CC7C260C862336
                                                                                                                                                                      SHA1:C89DC59681AEE6FA2B477559D2BE968CCC6BEBA2
                                                                                                                                                                      SHA-256:6AD41C84438E6E5D44F739C68250B737CBE83A059A885BF8B1F8B8BD52818A16
                                                                                                                                                                      SHA-512:23F1B9AB0052A47885553D9CA993E294BB3108E205AF574604FB1E6D6D3DAF6E3D40A853612A68472198E653D3D9F6675B508C440771F567AF98D4B010AB4423
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x.............................................b....I.......I.qk..B.....LZ..........b........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............4..S.....b...`v.....N...^.................\z.l.K.r.d.b.U........f........................................I.qk..B.....LZ............4..S.....b...`v.........4..S.....b...`v.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):39010
                                                                                                                                                                      Entropy (8bit):7.362726513389497
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                                                                                                                                      MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                                                                                                                                      SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                                                                                                                                      SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                                                                                                                                      SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.4315071390542755
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:ZsXMzZGUcNk4E2lXn49si4RbBg2P4ZyQGs:Zs8tcCAX49si4RbBjP
                                                                                                                                                                      MD5:382AA31B8941DE50538E2993D2A47531
                                                                                                                                                                      SHA1:35CEB20B183CEB3D4673CFA541FB77E42FD21F50
                                                                                                                                                                      SHA-256:FA8DF335BEE42CF639EF522917ECC0591E93FBD9DFC27512DDC9EBA52219554E
                                                                                                                                                                      SHA-512:B7BF085236A679C2613921D49E4A00C50EF760CD7AB9AEEAD79CED68DB2F62CFAE52CC37DCF3ADD70E291A5C4F6469E0BC7DA5083411CC7FC23FBE9B570E6F79
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......h...v...\...................................................................................................................................2...>...D.......v................................I.......I.qk..B.....LZe@......e@.].....E.K....e@.].....E.K....e@...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............$Ht.TR.#.OK6......N...^...............yF...(O@...[`...........f........................................I.qk..B.....LZ............$Ht.TR.#.OK6..........$Ht.TR.#.OK6...........e@......e@......e@..........................................e@.j....e@.T.]..e@......e@..B..e@.H....e@...B..e@...>.)e@...J...................;........4...4...4.."..............e@..e@..e@...z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4.........e@......e@.....#e@.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):25622
                                                                                                                                                                      Entropy (8bit):7.058784902089801
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                                                                                                                                      MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                                                                                                                                      SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                                                                                                                                      SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                                                                                                                                      SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.321098236481327
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YuzocKsgp5dU0bQtSHaMEHGKGXA9Bitj42erd3rUgxbdX3DSiYUW9aV:YEocKsua0bQUaMEmxXA9kt0Rb/pWQ
                                                                                                                                                                      MD5:48617E10C5F93DC360D9B7D69D3C644B
                                                                                                                                                                      SHA1:6F67E64C6C0BB003DF4CDD54417A216471E15386
                                                                                                                                                                      SHA-256:356FF078B76E9E34C114959FA04B6B135CDC262A4B05DDB68C4574F160D4A778
                                                                                                                                                                      SHA-512:D3AEEF9C37139553C7E75AD56C0DE1E5C94A23AB84732127B694DA8C5A32AE4A8CD8FDD5FE62F213A720B902F5502AAD58937E00E48B9098079AD55F31BB9414
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ@.&.....@.&.....z.....@.&.....z.....@.&..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............lG 7..#..P.K~4A!....N...^................w.Bs.qG..2KF..J........f........................................I.qk..B.....LZ............lG 7..#..P.K~4A!........lG 7..#..P.K~4A!.........@.&.....@.&.....@.&.........................................@.&j....@.&T.]..@.&.....@.&..B..@.&H....@.&..B..@.&..>.)@.&..J...................;........4...4...4.."..............@.&.@.&.@.&..z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4.........@.&.....@.&....#@.&............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 50 x 500, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2033
                                                                                                                                                                      Entropy (8bit):6.8741208714657
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:P37XYSDTz+UUl7DHt7Ah8l1+4ZfFclFUXwobKXlZr:v7j3z+UoDN0h8ugf2AwobMN
                                                                                                                                                                      MD5:CA7D2BECCBC3741D73453DCF21D846E0
                                                                                                                                                                      SHA1:E34B7788498E33FFF0CFB00125E6BA9E090F6CED
                                                                                                                                                                      SHA-256:E9EAD0BFC09D32CB366010CDFEDE1C432A2D1D550CB7332BADAC1BEE9482BC86
                                                                                                                                                                      SHA-512:7FE2C3654262B1EEBED4F6D83DA7D3450E1BE52500A3964185FC0092041506A237A2728E5D7EEA0A3814E413E822B803B789C49CF744D51816A2E4EDE5B4247B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...2.........H'......PLTE........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................[....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.\.W.G...=a.ewA..a.!r( ...%Dc..x.x....N.OO...3=...S...........~.z.D.0...g.2P.7.*M.#'....z.......3TPj.Z.[5....V..z'L3...a.j9..C>..9.z
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.310967650563991
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:Gs1dqEHLXmCCzoE8PXM89wcGVRbisnoC8gjo1rV:GsZr2CgV8PXM89wcGVRbisO
                                                                                                                                                                      MD5:464FF2FB25CB7C9698480481CE7D94AE
                                                                                                                                                                      SHA1:CB44ED1FB694AD4DB181133F653D274D4C4B1D7B
                                                                                                                                                                      SHA-256:6D934339D5AE4F31E87950FE20BFA925AAC4C3442F108D0F23E1082F4D06C6C8
                                                                                                                                                                      SHA-512:0631443D56E4616CCD2EB7C9680E1AD289C4D6CF54C358A463A3009D1F99ED81A0FEC85A30F40E0E7BCE0EB74250AF1785C8597BF71D8EC3CEAD07F131C03D11
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ4Q......4Q.F..O...f.g.2.4Q.F..O...f.g.2.4Q...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............K.Uu.....w*._..h....N...^...............s.#\WF.G.Z....>4........f........................................I.qk..B.....LZ............K.Uu.....w*._..h........K.Uu.....w*._..h.........4Q......4Q......4Q..........................................4Q.j....4Q.T.]..4Q......4Q...B..4Q.H....4Q...B..4Q...>.)4Q...J...................;........4...4...4.."..............4Q..4Q..4Q...z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4.........4Q......4Q.....#4Q.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55804
                                                                                                                                                                      Entropy (8bit):7.433623355028275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                                                                                                                                      MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                                                                                                                                      SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                                                                                                                                      SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                                                                                                                                      SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.45935996182541
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:0sYcb+ZWwC12UptGmEbzMXXX9Sd2j4VrdMrfuE2dXaWkR8Al:0sYrZO12UpXEMXXX9Sd2wRMWE26F
                                                                                                                                                                      MD5:ABEADA8DF1C3E793CB355C9C0ECAAB67
                                                                                                                                                                      SHA1:79548419CE7D84022E0E93D164E112D4B39C04CF
                                                                                                                                                                      SHA-256:44A8ADC2B13C21D315F3A16F60437F6CDFFB5FC76B61E5B674D1BF7D6CCA3EBC
                                                                                                                                                                      SHA-512:95F8CB8201B7F939D2814DD6A7591F1055B7D746544636ADD869A7522A6113B6A763EF5CC4C1B65BF3D4E725E07AFD0461C2E209E5D9D752EC72804D034F6C42
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......n...v...b...................................................................................................................................2...>...J.......v................................I.......I.qk..B.....LZ.2 ......2 ./.....).....2 ./.....).....2 ..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............+....%..........N...^....................].B...............f........................................I.qk..B.....LZ..............+....%................+....%................2 ......2 ......2 ..........................................2 j.....2 T.]...2 ......2 ..B...2 H.....2 ..B...2 ..>.).2 ..J...................;........4...4...4.."...............2 ..2 ..2 ..z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4..........2 ......2 ....#.2 ............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):59832
                                                                                                                                                                      Entropy (8bit):7.308211468398169
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                                                                                                                                      MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                                                                                                                                      SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                                                                                                                                      SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                                                                                                                                      SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.3589038898502555
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:HDsmNS133Q0WEWXp923BgRMbzW7S4US5c:jsm4J3RWXp92RgRMbzt4US
                                                                                                                                                                      MD5:75843F3EEF8D8B50455E505680CE070E
                                                                                                                                                                      SHA1:C1249701B9418B1CCC8A376746CF7B9AC35EC80E
                                                                                                                                                                      SHA-256:FE1E9764DB1FE52B8A7CB6FFE759A7455B4C219680B9F12A1FBD154E583D06C2
                                                                                                                                                                      SHA-512:BD5F9CC2FC4844831B7944101402B1D5365B10F0E087F7069C168D8AB1BCB9C7B6EBE3CEA40DA2CEDB803035F93E10B3B237E75FB9CB9519AAEA328EE5152C89
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ.^5......^5.{s....@l.N.F.^5.{s....@l.N.F.^5..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............FW9,.[X.-.....].....N...^...............0..^.O.D......3........H........................................I.qk..B.....LZ............FW9,.[X.-.....].........FW9,.[X.-.....]...........^5......^5......^5..........................................^5j.....^5T.^...^5......^5..B...^5..C...^5..>...^5..|...^5 .3...................;........4...4...4.."...............^5..^5..^5..z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4..........^5......^5....#.^5............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):33032
                                                                                                                                                                      Entropy (8bit):2.941351060644542
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:ofmqvnCfmqsp1Ue5xzMq+Qh0dffUmS0w5xzMq+Qh0di:AGAp1rmSl
                                                                                                                                                                      MD5:ACF4A9F470281F475EA45E113E9FB009
                                                                                                                                                                      SHA1:B20698DDA5E5AFDD86BB359A6578C9860D5DF71F
                                                                                                                                                                      SHA-256:5DC2367A80588A7518DB5014122510BF0FD784711015EF83A8718336584F82D0
                                                                                                                                                                      SHA-512:998B7DB9DB08FD15A293267E2371052E436E024AF8D34F96D3C8FF04B1316678DFC1674C921CB404121FF381A4FC39DC759E6698F19D42A6261CBD39469B0A08
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....l...........................Ac...... EMF........$...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC........................F...(.......GDIC............^...........F...........EMF+*@..$..........?...........?.........@..X...L........................."B...B...B...................?...........??.....n............;...<..@<...<...<...<...<...=...=.. =..0=..@=..P=..`=..p=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...>...>...>...>...>...>...>...>.. >..$>..(>..,>..0>..4>..8>..<>..@>..D>..H>..L>..P>..T>..X>..\>..`>..d>..h>..l>..p>..t>..x>..|>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...?...?...?...?...?...?
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12180
                                                                                                                                                                      Entropy (8bit):5.318266117301791
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:k1bHyG/fKOOOOQJUg+g2S+kEm6alfsfsfn32:+bSG/yOOOOQ+g+gOab32
                                                                                                                                                                      MD5:5C859FF69B3A271A9AAB08DFA21E8894
                                                                                                                                                                      SHA1:3156302A7450ADFF4D1B6EC893E955D3764D4DD4
                                                                                                                                                                      SHA-256:B4A8E9A67EE0B897615AC4CCE388FFC175AB92D9E192E6875C79A4E7C1B5BB6E
                                                                                                                                                                      SHA-512:4CF518136EEBCA4F400A115D9B7BB0CAC9FA650BF910B99E15F04A259B7D3EFCFFD6796886FE09DB08C37C332B14BC8500845C09C8EAE1F2306F90E98D3C99E0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR..............;j.....sRGB.........pHYs..........+..../9IDATx^...dW...S=.dL$.............-.`...'...x.7.D...(...$.?cO....9S]=.v...Z.......{..wNuf.&.....a.k5~...._..\.yk..v.....}{._.Q...5...._9o.n.....}7.].1v..t......q....3.<..0<.p.......0....s...... @....... @....... @....... @....... @...X.'..U-..... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%@....... @....... @....... @....... @....... @....../)m.. @....... @....... @....... @....... @....... @ ....`.)....... @....... @....... @....... @....... @....K.0.....J....... @....... @....... @....... @....... @...`.....\.... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.357179401114889
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Es7b3NiKUltkNb/EPEczowLREKXQfiZK9KzsA0p5trdMruKQXnz9kN9ANxY0/ylt:EsFiLlmBEsAow1XQKk9cW9RMxbI+0/2
                                                                                                                                                                      MD5:CF4FC7E155A639F0378B5D01C1DC2498
                                                                                                                                                                      SHA1:B81A08E759DA4E4CDD1F141A44D141040680091A
                                                                                                                                                                      SHA-256:42F5E190F41FF69ACC5B613D3BC6B3F0CD53D0B2D9EDDE6971C95C7D81077792
                                                                                                                                                                      SHA-512:FFF5C4CE70EFED1793DFA38BBF95FBC5E478187698ADB4FBE95581E6D7E6CD8B656EC4DCE9D75AEE3A91847F1958A0BF2A7CBAAB28F2374858AED04B18924F4C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.6.......6.......K.G-..6.......K.G-..6...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................S...+...)F......N...^...............W.X.lC3F..m.Y#K.........f........................................I.qk..B.....LZ...............S...+...)F.............S...+...)F............6.......6.......6...........................................6.j.....6.T.]...6.......6...B...6.H.....6...B...6...>.).6...J...................;........4...4...4.."...............6...6...6...z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4..........6.......6.....#.6.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 39 x 600, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2104
                                                                                                                                                                      Entropy (8bit):7.252780160030615
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:2PPEOtz2P/LJtVRaqBG8qFOPvHlcEXgkuwf+j:2PZFSjJDjqFOPPlXgG+j
                                                                                                                                                                      MD5:F6C596F505504044DF1E36BA5DA3F09B
                                                                                                                                                                      SHA1:BCF17EC408899B822492B47E307DE638CC792447
                                                                                                                                                                      SHA-256:EDBB86F160050FBF1F9860276802BAE292DBFD0BC98E3EA90D43D981E9F0C54A
                                                                                                                                                                      SHA-512:E8D067A1932CED8746FE7D665EEC34EA92A98AFF3DF26FFA9DD02742DDEA3C5654124A88A649FA33DB596F96A5FC9CB2C693D03132F1C8B254ACB56DB4763BD8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...'...X.......:....PLTE.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................{.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^..c.%i.F...m.m.f.m.m.m{&....X...9.....M.WUW.d.N.O...E$...$...)H....n....N.k..v.....v1L[w)w.}..!...Y.X.V.D.......[....;..[..;....
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.359756975811265
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:QhsdmzVBgXN1tNoOtE2JlZVMNXZpJ9Ns1pyWKrdMr3VwDFXg0QQaZV8g:esOBMN1XXE24XZ39NUBKRMFkDY8
                                                                                                                                                                      MD5:4E1BBFAB4D08386966F2639A105866D8
                                                                                                                                                                      SHA1:75A43EDB0BE46D05134DE6B0FC740065756ADAAF
                                                                                                                                                                      SHA-256:683E70401C9E0F5F7D8034450D1CC3448AD2D666B4635CDE84086CDE367D1B2C
                                                                                                                                                                      SHA-512:C7EFFC12C7CB1AB71B0B125C2A512912EDC0F00C08B9AE439866184B3F04BDF6014F98477D354E29A7DCD4E3BE52F5BDA1CDABD10781488C37EF881BB02FE901
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ............I.>....?..7....I.>....?..7.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............wR!.....V...J.....N...^...................K.A.b.3............f........................................I.qk..B.....LZ.............wR!.....V...J..........wR!.....V...J.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):14177
                                                                                                                                                                      Entropy (8bit):5.705782002886174
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                                                      MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                                                      SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                                                      SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                                                      SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.355946686396353
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Us+ZdUhtZKfRrtutEYXL712XlO9k8s3tpyFrdMrp63C6FXNR/UEUz9vUJIiUPUEh:Us0oKfRrgEQQXk9x4oRMv6plcU6lTIQ
                                                                                                                                                                      MD5:58DDA69D1B0F868BB0A69339ED4E1B72
                                                                                                                                                                      SHA1:919B62A3A98FEC4A987605923A942BA45A780916
                                                                                                                                                                      SHA-256:173637D218490DD91D2E08E07ACA514E9B87CE03DD54CA6365AF1E4905B940DE
                                                                                                                                                                      SHA-512:6FE2808C500C71DCED388FF55567494A6EABC336A067540B566D44106064454AF32572EC231148F4776583158EF7B4C3D623313715B83316BF3B1B25528B96EE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ:.R.....:.R.....=.3&J,W.:.R.....=.3&J,W.:.R..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............S.'.%.....S..S-....N...^...............J...Z..M...l.5..........f........................................I.qk..B.....LZ............S.'.%.....S..S-........S.'.%.....S..S-.........:.R.....:.R.....:.R.........................................:.Rj....:.RT.]..:.R.....:.R..B..:.RH....:.R..B..:.R..>.):.R..J...................;........4...4...4.."..............:.R.:.R.:.R..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........:.R.....:.R....#:.R............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):36740
                                                                                                                                                                      Entropy (8bit):7.48266872907324
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:3nwDxjTvoE0Rjwit4rjucDILWg7/Da0JgGQ8e1S8SA/Khos0:SxjTmZw7nucDILj77a0JgGQvScb
                                                                                                                                                                      MD5:9C205C8D770516C5AA70D31B2CA00AF3
                                                                                                                                                                      SHA1:9A1002F0CF7F92F1BE2BB25BAD61CEBFAC282482
                                                                                                                                                                      SHA-256:E111F96490755C7D71E87C88ACAEA38AFE55BB865B1A14A83C5BD239648D5E2C
                                                                                                                                                                      SHA-512:A3E105208B32831265428572B0937DD3C17B793D8611B2DA8D4939F1BEC6050999D375E3F6B87D53AD49DFA0EAE737B0141D37597AA42116C310761973D4A134
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:44:07............................c.........................................................(.....................&...........n.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d................................................................................................................................................."...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..o...4.gP.~.c...K{...V.=...].<.........vS.........s....(.t......X......kk7....~-...yF}^c.Z.\.G./.?t...>....:.>......./.ib..).
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.4413734103505105
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:RsUmTyC31YJELBXD9t8oRMrhowlWy8+nN/SloJcL:RsUmTyC31FLBXD9t8oRMruwlWy8+nN/i
                                                                                                                                                                      MD5:9708C48E75212AA80C410C09D63FE8A3
                                                                                                                                                                      SHA1:76270B7DCA593FEB733843DBC8A68AA191A690B6
                                                                                                                                                                      SHA-256:2CD9884464F155B0664CA46FFCA230179FF995438FA06548CAC40C78285318F6
                                                                                                                                                                      SHA-512:C658934DDF923EE616B98B92AE7CE27E2B7A2976200F043A7212E39E3708563B340328BC0952C0A84B30DF41C19E688CD43781697CAFE5C442AEB2F203110DA8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......l...v...`...................................................................................................................................2...>...H.......v..........................................b....8X1.\A..I.......I.qk..B.....LZ...b....8X1.\A......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............G&.j.....l.......N...^...............6w.....B.%. ............f........................................I.qk..B.....LZ............G&.j.....l...........G&.j.....l...........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):53259
                                                                                                                                                                      Entropy (8bit):7.651662052139301
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                                                      MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                                                      SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                                                      SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                                                      SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.348848481770502
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:usJBYTCut6PXUptAEGEXDJICXAC3D91sMpyVrdMr9BCaFXy1hzD1n9:usgRgPXUpKEX1XlT91NoRM2aeP1n
                                                                                                                                                                      MD5:FCA9B09C836D87CFA474D9ACC44F3CC8
                                                                                                                                                                      SHA1:3861A073F6D2B6BAF5390375CBBB926EF5E06657
                                                                                                                                                                      SHA-256:5F4F87C34C1D2EAAA5F99B7B847CFC71A81A60F9877DE8EA2A6746A13DF7E44B
                                                                                                                                                                      SHA-512:D95A2391168BE6D04421E33EDFAC80295A0BD42861E816C1DEFDE06FD632BE23461D99268FCCBCD186FD1E6E60492C23176A9D50BFEF4EF8CC64E0DDD1E99388
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ..N.......N..#5.'l.......N..#5.'l.......N..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...................I.=...w..~....N...^...............T.-.MM.M.|.k..".........f........................................I.qk..B.....LZ..................I.=...w..~..............I.=...w..~...........N.......N.......N...........................................Nj......NT.]....N.......N..B....NH......N..B....N..>.)..N..J...................;........4...4...4.."................N...N...N..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4...........N.......N....#..N............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):60924
                                                                                                                                                                      Entropy (8bit):7.758472758205366
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:kU7O7+CFqO6DkxTgPzo2wqggrrX8QvN1I/ZLBttB9+dPFXbc:hVuqJDaTqo2wq1L84N1I/Z1tT9X
                                                                                                                                                                      MD5:D58C51D2CF586A5E14A9EC8529C3B0A8
                                                                                                                                                                      SHA1:F4811A353797C29B1E3F5A61B125C46E1534D587
                                                                                                                                                                      SHA-256:F927C7825851974A2149868146970706523A49165133CEE6027A43E8C9ABDF27
                                                                                                                                                                      SHA-512:34B963173AFBDF07432F4B983D29F10376E4771FE666E9D50B1A81DA0B9F6001FD86B4A08B9711386DE153BF6E03C8E932E2D181C8EAF94EFF34D20FCA7570E0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d................................................................................................!1AQ.aq....".....2B...Rbr#.s.4...3$.5u.6v..CSc...DT..f..t..&F........................!1..A.Qaq....."2....B.s....Rbr..#4...35...CSc.$...DTdt..%..............?....O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.........................................................yK..xd...6..|%....\j..e.=...Y..f..I.|-....e...$R.j.......~.W#....{.....V.k.|F..z^..:.~..f......"x.....L..K..r../.;..[..l...;.U...W...X.........8.....y?..B...m.......j..Q.g3..G.K....GL.o..n7a..Y..[.'.........x........\......~...f...0\Wc.n?k.|.....1.ww;..2..?...r4uF.MXdB6..W..mG2NJ.E........u...2.q...Z..=(l)jU.X...U.\X.......O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.......................................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.307183728711538
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:8sL7OX9H2kLtYpOEJtNIXwKM9HdsUpyFrdMrjq2FXSQ9A2l5:8sfk2kLPEqXwT9HdVwRMW2T
                                                                                                                                                                      MD5:A9A728D332A2E3DDEFAC024911B19076
                                                                                                                                                                      SHA1:A5526E989D5E10510D8CDB03CC0446B73144FCC0
                                                                                                                                                                      SHA-256:A0F37D2A065E5A98897A691FB907F6DA69D2BBFD72F27177469677AB0873B943
                                                                                                                                                                      SHA-512:0FB426609D49B71C09364B0646CEE0E4BAD4A30125D0375E50FB76084289A91781EEE3AD69F5C3A0CDF6BB8EDCBE787A1DC8725E3D6D58FB9677A084C7368E61
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ^2 .....^2 je...2....H.^2 je...2....H.^2 ..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............<..7..%.7.........N...^...............U-L.N..J.....vR.........f........................................I.qk..B.....LZ.............<..7..%.7..............<..7..%.7..............^2 .....^2 .....^2 .........................................^2 j....^2 T.]..^2 .....^2 ..B..^2 H....^2 ..B..^2 ..>.)^2 ..J...................;........4...4...4.."..............^2 .^2 .^2 ..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........^2 .....^2 ....#^2 ............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 39 x 579, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):515
                                                                                                                                                                      Entropy (8bit):6.740133870626016
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:6v/7su2/c30mqkg9VgFHe7Ll8UmJX/N+1Zmkk8f3lbtI4:4mc38gFHe18lkk8f3lbth
                                                                                                                                                                      MD5:E96BE30D892A5412CF262FEE652921CA
                                                                                                                                                                      SHA1:8190A0BFE21D04BC6F3A406E91B87CA69C03A2DE
                                                                                                                                                                      SHA-256:0E31DA4DFCFF4A36C64C1CE940362D2309769F36369E4C43C317D5F2FA15658E
                                                                                                                                                                      SHA-512:D647F51ABBD013226A6ADD0D551D058C633F867F9AF5A9E099B85D6E291D220F7B85958B07381CD4C7C4F72356DBAFE2A86932AE398E28C56CDDF0744E92EE24
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...'...C........b...`PLTE..................................................................................................bKGD....H....cmPPJCmp0712....H.s....9IDATx^..I..@.C..<..?mo.#C((.J}...~..B...b.I.i.\<.e.....(p.I.EO...q.x.......dRz....K..b0.:.<c.o..0.x\:...F....I&..ap....."P@....DO...q)p*..@Y.CL2)=......1.........4....._.G..^`..lDO...q...X....SL..z....K..#.L#..I6..ap.Ls.,....7&..ap.p..lI...,GO...q.....k.n1..4......3=.f.x.$..4.....o....x.$+..0.x\.,&6...............IEND.B`.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.379824958442247
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:mstrmOWiwwNMtgECEPA8K1XN9dsiXpy7BrdMrlIyt7FXONOYHE0g:msttwwNMCPEP6XN9dBARMuyt76lE0
                                                                                                                                                                      MD5:6311F8DF4AA4716B41E986C27C754876
                                                                                                                                                                      SHA1:03252084F808B58FEEC3D71ECB6CA06929C8304E
                                                                                                                                                                      SHA-256:854B70F113DBDF1718BAEE370A5589590DBB1DD42FCA00CA68AC94BD54070161
                                                                                                                                                                      SHA-512:2F78D67422AAE80F8F9B58FF11F339F0EAD5094A952A9BCB66F9E0B7EB5CCE6042C51CB17481B2CA2B9A8C925676D4167D4F9F8D97A8B2C31125400139A3C802
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ.j.......j.TS.b.-.....j.TS.b.-.....j...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............}....:i..........N...^................Q}.\.J.....9d.........f........................................I.qk..B.....LZ..............}....:i................}....:i................j.......j.......j...........................................j.j.....j.T.]...j.......j..B...j.H.....j...B...j...>.).j...J...................;........4...4...4.."...............j...j...j...z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........j.......j.....#.j.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 30 x 700, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1547
                                                                                                                                                                      Entropy (8bit):6.4194805172468286
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:dZeDNYbS+238CTUFPA6SXG5qSacX9q73eXu0vC3dU+OB2gbwHRuZ:dykp9FzBBacXQ3uNC3n7xuZ
                                                                                                                                                                      MD5:0BA36A74DFBF411FAB348404CCEC3348
                                                                                                                                                                      SHA1:4C619790E517416E178161028987DF1CD3B871CC
                                                                                                                                                                      SHA-256:2E7AAF26BEC32148B96442E8FFF1BD2CEF2D72630969F23B9A2ABEDB6CFEC93B
                                                                                                                                                                      SHA-512:90AF53DB7C413E2ADB970AC345F73E4ED8AF626E179C929E6560118F7A9E98DC7C5FF02B2B3F6C98D397E0FE2D85F3427C6928C328872149E176FA8A99E91F54
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...............\....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................D......bKGD....H....cmPPJCmp0712....H.s.....IDATx^.WSTA........b.0gPPP0..E.9b@L(.c.N.U>..@......;...}..B.(....$......5..XS...I....).!....D^.uE...\..5........F."o..-...m.n. .^.....q= .
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.326459140806188
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:GsB2lXT7yOjzt1RE05MjOXge9ZUbpyxrdMrTSFXFim5fkJh9mJlHnF:GsQ9jzJEIXge9qbURMOIIl
                                                                                                                                                                      MD5:FECA511F09BA969A9B017C51FB7FED13
                                                                                                                                                                      SHA1:A9362CC843B6F86399554888F34CBF13F76EB6E3
                                                                                                                                                                      SHA-256:91049D7B34FFA9B3B2AB7F5B3499F18C672F6A7AFA260AA8A29B0ADA018866FF
                                                                                                                                                                      SHA-512:63A8AB8187E13D7F625C1B1B4CDA3AD6C955C5599AC849160BB77100FB97C8E577DCBE667592B7EC12048597CCA9706C26704E1D3828BC7286B5A4F8A5835F04
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ!.g.....!.g}.......>...!.g}.......>...!.g..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............Z...........S@N....N...^..................&...B.{.;lIm.........f........................................I.qk..B.....LZ............Z...........S@N........Z...........S@N.........!.g.....!.g.....!.g.........................................!.gj....!.gT.]..!.g.....!.g..B..!.gH....!.g..B..!.g..>.)!.g..J...................;........4...4...4.."..............!.g.!.g.!.g..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........!.g.....!.g....#!.g............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):95763
                                                                                                                                                                      Entropy (8bit):7.931689087616878
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:EoES7mhTyzabUaE77xAOmq0zVruQlttNxlipxVWssMU2YhRy2v6pKKYhQzwMc2:zz7mhTyzabUa4b4xuQlttnlGx8x9h02M
                                                                                                                                                                      MD5:177DD42CA99CAA2CCBF2974221680334
                                                                                                                                                                      SHA1:35FD86B3DD082A6D4930C67BC0E05D3B5817465A
                                                                                                                                                                      SHA-256:525A857D0EDA855A64D3619DF58B1C2D013A73E60FA0D49B155ECFCB2C134C7C
                                                                                                                                                                      SHA-512:6FB6D9A6C97B1115C3246690A2F339CD612899AC25ACBA00296EAEAA0A1D094E7339D670969764FE23EB7C08FCDD01C6F78FBC0735D504D5E02AD342901719B3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!..1AQa...q......."...2..B#Rb3..r$...6..C4....Ss%5...tu.c..Dd.EU7....................!.1.AQ..aq......"r..2...4Rb#3$B.Ss............?..H..dV....U..-..0]Cp.%O.Z.Y.e.=/.q.....j76.w@s...5.&&&5...n..w..>.1....;.vR..[.......=.......KtY]u3.g18...).r....&.IZ'.....g..4kY..X..b.......y<...r1........e.._...X...w....op.m%Jr31...S.Vo.._....OI\]....F..V-....\...2j..X.....y.p.$4.....&#..]..n.V..x..P...F..C.f....])..~..Z\.....,..#..v..v...2V.k.SuaydO../[.*c._..oTV<Z.s.[...o.x..>....-....v...#....-.X..L.Z./#.XG.-.0......%w..H.@aZ....C.}...N~.;..R......5.D......I.... .R........s.>..ks....(...S...9....2=. :^.. p.+?(....$..Q..I.........=|..`2. v..t......U*.8.u.. ...'...*...2;u....& 3..$.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.332216241410213
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:zKbspenD+RtpzEEyLgr3X0a7v9lUwpy9rdMrts5zFXqxXXoay3F0jXoimhm:zKbsi+R0Ey07XH92wARMSAsa
                                                                                                                                                                      MD5:0ADA4C352C1C57CB359831D054F6B9E4
                                                                                                                                                                      SHA1:31392121DB5CEB88FB4737EB5F2500E16AEA5737
                                                                                                                                                                      SHA-256:2FD56CE7C9755DD25375BC5E4F509D598A167F504538CBD8F31DA76A5B55B26E
                                                                                                                                                                      SHA-512:D537016ADBE92DDE9A479F17177FC86AEABDC038DC1A58C0557BEDD3728BA1D7EDD0CDC543047877726C93C55CA1A284D9CA620DD5DDDE2CE0001D87C7D8DAF4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.e......eA.J....v.[.|..eA.J....v.[.|..e..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............P..5.;.=.~m.[......N...^................=.....J.'q...[.........f........................................I.qk..B.....LZ............P..5.;.=.~m.[..........P..5.;.=.~m.[............e......e......e..........................................ej.....eT.]...e......e..B...eH.....e..B...e..>.).e..J...................;........4...4...4.."...............e..e..e..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........e......e....#.e............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):67991
                                                                                                                                                                      Entropy (8bit):7.870481231782746
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:3PC0XJjsmsKuZRG1pXuZ6z3wARnV9AEnieCc7cllJcHJ:qyMBzkUZ0gq25c7Z
                                                                                                                                                                      MD5:1271B1905D18A40D79A5B9DB27EE97EA
                                                                                                                                                                      SHA1:9618608FBD7342DE6C71220A36C3F4995BA9C13E
                                                                                                                                                                      SHA-256:5B321A4D81BD499B289B1755F6450A42047C494DFBC112DBD56DA4CED2C15C1A
                                                                                                                                                                      SHA-512:C32DD26047F6B8AA061085B38AC2B8335868E1BFD8731DB65544309223A955FA4BF45B06AC8D244408658F51A1775B6F19FF0FFC804989DE706DE8EB36F1436F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1..AQa..q..".........2...BR#b.r.3...$.'...)..C%7gw..(.S.W89.......................!1.A.Qa.q".....2...#....B.t......rc.$%67Rb3s&'CUu.v....S.d5.V4T.e.............?...?..Wj.e.e.......w/..E..eOw_.....6......u..C6h.,..;.g.D8Z..-)O..jy..e;.u.g..w..[.L""k'w.......'1'.[......=..P...S.9a.V./O....q=8xk]...........9......F...e9'....9.O.... .&.....p......c.4...mr...?.......L..'.....0....+..|_...POM=7.?.2.a....};.Z..y./....>./.C.<...;.....|.1>...........S.8.o.O...+..n2...k../.X..9...Y...:.....\...Dk......q.K..\.Wuh.!Z?.mu...R.5.A.S.h.0..[..v..+M.....aUi*.k..?#..._...X..R.&]..[..;../]L..f..V......*.e...ut&.#.J.5....c%..o.$..v.<K.6..T.IP.....6X.*.uf..t0^..-.)m$.!.q(.j.f;..WB6.b.B..R.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.353586914263918
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:Esx5X2J8sEdJXyX3dVO692/ERM7E97EW2y3:Esx5mJOdJXyX3dVt9cERM70EW2W
                                                                                                                                                                      MD5:5E9EC262A82BB7C84B4B2F5F14700CFC
                                                                                                                                                                      SHA1:96CBC68E87CF4B92FC5D55F254844FCCB69E2818
                                                                                                                                                                      SHA-256:F91D2BDE31AAE32C9BB320BD082D394C17BEA61ADADC6443E8A45529E884AE61
                                                                                                                                                                      SHA-512:EA1147DFEA1EB39DDB58E9E7C60A56438EDF2D6354CD009B0D9F229DB8C0B60386DA86977D80ED3285B21E4998EF78A6F3015600658EEE22B17E9976CD5113D9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.......J........Q>.J........Q>...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............3...7..x.=.K......N...^...............=Q...H...I.a=.........f........................................I.qk..B.....LZ..............3...7..x.=.K............3...7..x.=.K..................................................................j.....T.]...........B...H.......B.....>.)...J...................;........4...4...4..".....................z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4....................#.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):22203
                                                                                                                                                                      Entropy (8bit):6.977175130747846
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                                                                                                                                      MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                                                                                                                                      SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                                                                                                                                      SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                                                                                                                                      SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.3954103745881445
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:iOsrwAAfxxV77bcMtm2zPE15LLiiXShi9BUhpydrdMruUCYBFXB51Msk2x+E4yXk:iOsrU77bcMrEDxXj9Ch4RM/Ig
                                                                                                                                                                      MD5:4CB9B3444F319B5587A85D02AA970553
                                                                                                                                                                      SHA1:EB1A3FA738C951572CB623DB0DB9D20CB87FF766
                                                                                                                                                                      SHA-256:0D216809AFD9DC49C6388153416F9CB8FB30C1547DBB2E0ED4D7DAB2A3373B7D
                                                                                                                                                                      SHA-512:63A6D5F6647C21F0A11B84F7C21D9B9A7A036C0583F66350D01CE95C3458E9951769F3B1463D4ADE5937D5A4176E112F115B6883EF48952664A82F39B7F22FB8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......l...v...`...................................................................................................................................2...>...H.......v................................I.......I.qk..B.....LZ.............d ...^?w4......d ...^?w4......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................}\Z.....F]......N...^.................s...O...=..MH........f........................................I.qk..B.....LZ...............}\Z.....F].............}\Z.....F]..........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):15740
                                                                                                                                                                      Entropy (8bit):6.0674556182683945
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                                                                                                                                      MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                                                                                                                                      SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                                                                                                                                      SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                                                                                                                                      SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.311622932222723
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:6s0aHZzqZ+2aEjPXXQ7VE9KUoRMEkJ767WaHwxc:6s0a1qYOjPXXiy93oRM78WaQ
                                                                                                                                                                      MD5:B3365EAE8BB3BD2D15E1553FB3DA1580
                                                                                                                                                                      SHA1:010B69BFB09CBD7A6CCFD94AF69C25256637E160
                                                                                                                                                                      SHA-256:703F54E9DC8679CC348FD5443DF641F77ED864D55921718A0CA51D5F778CE699
                                                                                                                                                                      SHA-512:38ED2EC11E48F8E8F793F6E0CB27BE0F37FA04C2CF445C40355E3ABC906E210337FE8C87EF06E4E19788BF4A6311FC0249999432DEEEEC39C5A08C2466A8A9CC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZrRZ.....rRZi.74.-.$u|.j.rRZi.74.-.$u|.j.rRZ..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............wb......O.7.5<.....N...^...............R...&5.@.#..Il.?........f........................................I.qk..B.....LZ............wb......O.7.5<.........wb......O.7.5<..........rRZ.....rRZ.....rRZ.........................................rRZj....rRZT.]..rRZ.....rRZ..B..rRZH....rRZ..B..rRZ..>.)rRZ..J...................;........4...4...4.."..............rRZ.rRZ.rRZ..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........rRZ.....rRZ....#rRZ............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):86187
                                                                                                                                                                      Entropy (8bit):7.951356272886186
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:AbmHwD7za0syWMetp3TdPFzoJamVdAQZCiUit9qbYN6LerhWMzIWgN1EeaYhJM:1QnzsyTeP3TPAdAQZCi5qbYEKrhWWMNO
                                                                                                                                                                      MD5:FEE4785DF76E93A9DC2F4501CBAEAE12
                                                                                                                                                                      SHA1:8FB4527BDE05EF208FCDB168098A07707C27501F
                                                                                                                                                                      SHA-256:F091DED5E283AF6848670A3172E7C43C6099875D39B3FC69C2BDBA914F609602
                                                                                                                                                                      SHA-512:7E99D33151A0D3873D6A819C98EA8E62D928C087B7BA2080F11C7BCF746AD60A44D4FF6EE3D2D2E8DFA4BF1FC6285ED56BB83F91C2FC6FC4FDFF2000105F10B1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................1.!Aq...Qa."...2..BR#...br......6v.7..3.CSc...$4.s..&dt%u.f.......................!1.AQ..aq........"2.B#....Rb3..t.5u.67.8.r..$....C4.cs.Sd%.DEUe&.............?............w.....c.....i.A.....3...7.......7..P......%.........?Th..l./?.;.....$}..=5Oa...F.c.A/...D.D..]..y..3e.5\%.fo2.X.*]q.5Ee.}..i..md.T....#...-...Mu...9...-+..~w5O.);..G..'.;..).....A_...M.vV..y.q......,<.3.(...._K:..XM.......w.......9..T.......?b..a-%.c;.}..>....|.,lZKCEB.t...fw|.Sw^..Y..:.J.................t._P..v..j.1.R8.R....G..W*H<(Xi........i..xcu...WM.dqM>'W..g....M.q.....+.....b'..~....>..T.~Jc....fj.X.x..9...N.w.6:..>.......&.(h..u...t._...)_k#7Za...cZ....P...Y..;.V.,..xo.....f........Y...\6...M'L._
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.657781693851125
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:eGWPsFmoi6t9o9EdzbULSBhr1Xke0sa9IOUcpyFrdMryxsuFXIR8DRVj:ws9i6jMEtUcJ1Xn0v9mc4RMGDywF
                                                                                                                                                                      MD5:B211DA043035ADD6B14BA0BD649C1CC3
                                                                                                                                                                      SHA1:1C08BE44B9666DF611348658C7DF5E71444CBEBA
                                                                                                                                                                      SHA-256:C0A06B16869C582EBC47966C52A82C9A55CB31A5ADEC13C67A7ED56BD6C94E6B
                                                                                                                                                                      SHA-512:E8290452B5735E495AF23376BFA87059E16E9D7CFBEDF1F1C393C454250BDCCBD498B0470D5133BC0B3041BD09770388E7D88BF220A3015FEA4F7FD5972D41C0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v.......................................................................................................................................2...>...t.......v................................I.......I.qk..B.....LZ.M.......M....2.>...{H..M....2.>...{H..M...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............E...z..3T.........N...^................c.....J.1<z.M.<........f...................................H....I.qk..B.....LZ.............E...z..3T..............E...z..3T...............M.......M.......M...........................................M.j.....M.T.]...M.......M...B...M.H.....M...B...M...>.).M...J...................;........4...4...4.."...............M...M...M...z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........M.......M.....#.M.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 85 x 470, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):11197
                                                                                                                                                                      Entropy (8bit):7.975073010774664
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:p9wNdtRKcVHso6zsqm06xaqZdingVzLZ7/PGSIz/yycRTbChh/JzhbEx15RGb:mdtMcVHqgAqTinMzLZ7/uSIz/yTR/mhF
                                                                                                                                                                      MD5:DDC3CC30794277500EFE4BC6667EC123
                                                                                                                                                                      SHA1:EFC9642C1F95B5FC38764476AE481649C016FA0C
                                                                                                                                                                      SHA-256:7F5B660A1A0BF46C75AAF19B4F77A0E086DE003EC03AFC1F58D871D55AA5BA9E
                                                                                                                                                                      SHA-512:25232A84604C3959634D33090238FEC8D51E40AD84EB3A08BB8522A81BE1E83378649C014E98E1DFCDF46B7BFAC92D8D2429211CD11D7EE0334C9C3DF7C1B6A6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...U.........1x5.....PLTE....................................e........................................................s...............x..........................o..............................................................................................................................................................~.............................m...............................................j...............................................p.......z......................................................x..............|........................................v.......................y..........................................................h...........................................................................P..{....bKGD....H....cmPPJCmp0712....H.s...(SIDATx^.}i@S..N....h...!..)....AI%..p.L."a..)..`U..,h..:O.b.:.j+.Z).b..zN.s..{O...&|..N}...${....~.....k}.[k}{.o^.D_..W:35ly..7rL....6n0.A...b
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.328718548151713
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:odzsAdX3KHdttMElLQgXn9NUApylrdMrydLFXUtGZqkO:Osqad8EltXn9OAwRMiLvq
                                                                                                                                                                      MD5:F58B09AC281C20A7B3B3FD9B9CD9A77C
                                                                                                                                                                      SHA1:03272A5A3A69E31A5F79D5E75E68CBADD8B600EF
                                                                                                                                                                      SHA-256:0F687F9D42E771329FBF9F3C15035EB6C389867271FEB68C4139009EE5E4B316
                                                                                                                                                                      SHA-512:125D3B2A4D13186BB12E7C633CCE82765AEF17ED7ACB8373C31E8840477C2A32AF37D2FD7D418F9313908C4417ABFBACD6A888D8BC412D3AF274B19E8A94E0A3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.t.......t...@.?..`R..~.t...@.?..`R..~.t...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............a.Iga:..?.".\.....N...^................7J.Iz-F...Z.A.........f........................................I.qk..B.....LZ............a.Iga:..?.".\.........a.Iga:..?.".\...........t.......t.......t...........................................t.j.....t.T.]...t.......t...B...t.H.....t...B...t...>.).t...J...................;........4...4...4.."...............t...t...t...z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........t.......t.....#.t.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 88 x 574, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):19920
                                                                                                                                                                      Entropy (8bit):7.987696084459766
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:DRSgtAxJx7bzvAsVSqQElOT4uHmpmvNYT9aPU+QtsC2LgfIqJZnbeyRB:DsgaN7bzvAsVdK4uGQFUZ6bU/p3
                                                                                                                                                                      MD5:1BDAD9B3B6DE549162F9567697389E1C
                                                                                                                                                                      SHA1:5D9C09159F07A3A9BDCC6C4B9BD9CB72D0184E6F
                                                                                                                                                                      SHA-256:0908A4CFA23F93011176D47F45843E9CA2973030421996E8E27484781F54B0EC
                                                                                                                                                                      SHA-512:475040779AC247BB5C3E11862FB55FBDDFA12D759EE86A33E11BC1F3B656D6CD0F9B25146C0113E43E1D8001D8867D3BC3BF7E6FE21F3A0016CB1F8B70B7A15A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...X...>......y=h....PLTE..................................t........iw..............................................._n|...Tds...ky......................................................p~.....................................................dr.................v.............................................n{.......ap}..........x.....z...................u......................|..Vfu............r.....w........................................~...................Zjx...................................Yiw............w..|....................Xgv{.....y...........................jx..............\lz.........}..z.....t..[ky........u..y.....gu................................{..........}.....u....................~...........y....r.....bKGD....H....cmPPJCmp0712....H.s...JfIDATx^...\.W./.}....Sy...(..4....D.-.....H...% .$"D.Qr.......`..;...6...N......s...^...L.....Y{.GQU`..~...j....{...-Ax.K..&.....F..I\i..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                      Entropy (8bit):2.9158498667203343
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:yWslr+WdT6XytFcyE1L/9NVSL6MhwXXybb9psPpyNrdMrHX/E6FXfpzAdjEydQpI:yWs76XyjE1BN0fMXsb9pioRMH86Q
                                                                                                                                                                      MD5:53ACFDD35CB75C593928204994D3050D
                                                                                                                                                                      SHA1:2FF5B17B9C7094272BEA1E79DD494E9DD0220CF2
                                                                                                                                                                      SHA-256:E6CD5CCBA09A8160A77A8CE2A0A932D6C62A81C9EEC1C35CCB846F7C96CFD56D
                                                                                                                                                                      SHA-512:ACFD5CD17F34D6E4AA38E6EACC3B365C52D565DD70C95AE20A08D66335C599C13D5B8539D7C039E2CADACF82CDF006C90AE5B57FDF4275C73E6CD651D423F61B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v.......................................................................................................................................2...>.......H...v................................I.......I.qk..B.....LZI{].....I{].@A..:@......I{].@A..:@......I{]..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'........................|........N...^...............vA.-..O....L..v........f........................................I.qk..B.....LZ.......................|.......................|.............I{].....I{].....I{].........................................I{]j....I{]T.]..I{].....I{]..B..I{]H....I{]..B..I{]..>.)I{]..J...................;........4...4...4.."..............I{].I{].I{]..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........I{].....I{]....#I{]............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):179460
                                                                                                                                                                      Entropy (8bit):7.979020171518325
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:oiKXvL7lv0am/R1vrdH+9dK6zPQ6bbnGDpcGGDNMIOIMAT8q9Vc02Q57S4A+vMFz:+vlvC/HvgA6fGqGGJlO1qZ71W6CzDn
                                                                                                                                                                      MD5:4E131DBFEC5C2462273CA7B35675B9D9
                                                                                                                                                                      SHA1:CA037F444D819A118AC37D7AA3782B9BF94C1616
                                                                                                                                                                      SHA-256:2A4A3530D652E227DDD5ADC096A95F6034718F7C380B07DB622022D768815059
                                                                                                                                                                      SHA-512:C333ECEB1439D0238BF44FB7896E62DBA4C645B70413AA0F99C1F10E8DCD20C2EEE5C83F2E9DDE9A2494C85A6D8D13CFFFC4160E2F598E17867015F5244D656A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1AQ.aq...".....2Rr..Bb..#34.....CSs.$5c.t....%.Dd.6.T..u.U....E.7w........................!.1A.Qaq......2."r.3....BRb.#4......CsSc...$.5..%.DT.t67d..Uu...'............?..c.......p..z..i.....z......kj........F>f......3N...M....RM.&..-.~.Q..'.....q.a..w...-~......g.{..&.......V.n.D....>FS!n.....@..)...W..q..Wr{..J.gf.{.M$.P@m.,..9..&m.D...w.._...-.O........s.....h.k~......(.K...V..l.-...+.9.k......*......#.p#.O..9M..mF...C.......7+.AI....4vw.;..H......e..Q.u[.eUK.....z.....[.Kt...s..Lf.4..l{.....sh.............=..;..iqkj.m.a...NH......v..H..$..q.y......c...U[Mcf.......+...S-...^....4..T..YtL.x.v.;.....<...Ik|B.$.s8......3.+.8.l.. h.:....%B..W..I.QRS..,*x.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.339599604096336
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Cs7NGczf4QOtcyHyE40eXt9tsQpy1rdMrHNZFXuy4SZuuUtD4Z3Vmg:Cs7rf4QOxSEmXt9thQRMtZPUWw
                                                                                                                                                                      MD5:B17EA433BECA84FAAA16B6DB60A50B50
                                                                                                                                                                      SHA1:B16C573EFC829A3EBF41EA9026489C6867B21288
                                                                                                                                                                      SHA-256:3C4A161303F1A50824E3A0387DB37C23AB78676EDFCDD4B178DEC8ABBC9697C5
                                                                                                                                                                      SHA-512:A375EA6495D0F0A2BBE933098EE0AFCB0DBBD79A2FB5EAC5B34F5838775C96E7748210373ABD6D4F1724851FA9CDD4BFF279964A48AFF13E0E79C7573BB205BA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZy.......y..P......Xg....y..P......Xg....y....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............y..d...m..x/......N...^.................5. K.A...IV.9.........f........................................I.qk..B.....LZ..............y..d...m..x/............y..d...m..x/...........y.......y.......y...........................................y..j....y..T.]..y.......y...B..y..H....y....B..y....>.)y....J...................;........4...4...4.."..............y...y...y....z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........y.......y......#y..............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):109698
                                                                                                                                                                      Entropy (8bit):7.954100577911302
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:rDlmvIWr0aRtNCfShCWBxyCHMlcVG0Ezy4FR:rDliIfot8ahCWBcCHDVwR
                                                                                                                                                                      MD5:8D804A60E86627383BED6280ED62F1CF
                                                                                                                                                                      SHA1:E23FF14B10AD0762DD67FBA3CD6EFC85647C0384
                                                                                                                                                                      SHA-256:494547E566FB7A63DD429EB0699FE41AA8998F8EA2F758D813FE3D56C3075719
                                                                                                                                                                      SHA-512:0FB19F3D00159F2748C3A54E952E551B9FEA6910D67A54DECA8D099992E50383EADB92768FF1F75CFFAE82A7A157B1E0F77A2F0BE7EC64FD2324304FDCA46577
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...............................................................................................!"#.123..AQB$..aq.RCS...b..c4%..rs..D&....5E6'..TdUte...u.....FV...7.......................!"..1A2B..QaqR.#.br3.........C%...$5.....c4U..Eeu&SsD.6T..................?.....O.C.....^..R<A.g...[....3.....r.0.....nX.S....}...[.?Z.....A.?..~~I..rY|N.o...9......!...o7r../-.y...'5.3.U.s".-.0.1......SS...&.Q.j.*.$m.e..:x....`}...EP.?.7..~G(so.......O.....z.N..<....~^a.e...........p9.?<._..|......~.<@.D.9..G..?.?z.y?z.C.U.w..[.,..A.+........s......g...G.^....pz.xY.....d8.y.X...P..O(A.O..~:._.......<...o..4s..^.^b..x......_a.....|{c...:..X.....}.._...[?..NK.c...}.<......H.G....+x.Z..|....n...o....`.nk.#.%x......-|...|7......N!=././..w.8x.".8....'x........w...,>....j[w8a..}..lS..?.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.350578314180488
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:isJmwCcwQTEOXnD9FfdYRM7D9tvFJFtG8F+/Kl:is8wCccOXD9FfdYRM7BxL
                                                                                                                                                                      MD5:E08D08F9E58AE4AE288DEB462365CADC
                                                                                                                                                                      SHA1:517DF651E48E67311B48B0FE104F21AC0E2B8229
                                                                                                                                                                      SHA-256:92E6ECF791812AB80A2697D8C92ABFADD9B118655AE05090B1A18130986856CE
                                                                                                                                                                      SHA-512:3A8DD3C8D7DC2A71E7537554EEBA5B2D6B29D9F17453B5597CD8B7379CDFEFCF9910157F0C289405076E58B5FEF566689ACB1AEEFDCD8CD1100DEFB7ACFF1770
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ...........}......;{.......}......;{.........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............{..J.=..._...Q.....N...^..................<`..K.y..=..........f........................................I.qk..B.....LZ.............{..J.=..._...Q..........{..J.=..._...Q.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):41893
                                                                                                                                                                      Entropy (8bit):7.52654558351485
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                                                      MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                                                      SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                                                      SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                                                      SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):3.3606262357756664
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:P1WZ80M0wBW4xmV48j08DbPUErl7xMOS/bgMkw:aUX7YLA8Db8EJSDI
                                                                                                                                                                      MD5:F39D671B70F98D4CB0D57F61E99F6994
                                                                                                                                                                      SHA1:9878D1EF4BC477A118E5260835B6BBC1CF5F657C
                                                                                                                                                                      SHA-256:AD5BC818CA93EFDB04D57F3E42F13A603E23E9BA52B6FC30115E02368BE82C02
                                                                                                                                                                      SHA-512:877F64B2B3B3FE67249F86DA9EFEFE9C09F2916164E0F1FF713B9D9F0208144CDDD0FAC76A3B1CEE57C18079563638CF737A416F9BAC0CC0AE664D9462DF26F1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:........0.......................................................?...............................................................................................h.......................................^.......^....._C..r.U..a..V.......V.=......i....od...=..7......od..r%S..uM.....g.vr%S...V.=......i...s..V..........?.......?...................................................^..T&d..?....w..?..X....?....4..?.......?....$..C..T(P...s.T.9................4..(.....x.(.....?.......?..sUP..:/,..M4..s.......s.5=.9O..+.X&5.2.......v.......4...............^.....V.?...od........................s........V..c..,0...e...B4.$........[.-...I.......9......................^....._C..r.U..a^...C...C.G..8..C..C....s.5=.9O..+.X&5..s......>...............r%S..uM.....g.v..V.=......i...s................od......od...=..7.......s.......s.5=.9O..+.X&5......^.......od...c..,0...e...B4.$..............E........................................0...........e....4..................T.o. .D.o. .L.i.s.t........s.)..O@
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                      Entropy (8bit):3.9178265545987094
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:BseXPTdSwniX0kTH6tRzdfFXvtxmZPR95HDRkrhLr:Wk8BaRzSV7
                                                                                                                                                                      MD5:AB377F369C5D63C41BA1D09E70DBE191
                                                                                                                                                                      SHA1:B2F4173AFB1376115319397CD85E002B857EB9FA
                                                                                                                                                                      SHA-256:E4129302186782844A67432FC6F6292008F52A55B41388ABFA2BDE0F0EDF00D1
                                                                                                                                                                      SHA-512:D3508F26140C81F82DF177416B4153D814B02FD4EED0C83A597BBDC0D03FDA90F41DBB410697B41CA836D834C68F1BBF41B78348A06924DA5C88DDCA307DDEB4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v.......X .. "..2...>...d...<...v.......@....!...........................................................................................................................................I.......I.qk..B.....LZ.~p.;....~pB.C3.+..^...I.~pB.C3.+..^...I.~p..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............Vy.F..;.v\.>.P....N...^..................#~..O...S!{..........h...L...............................D....I.qk..B.....LZ..............Vy.F..;.v\.>.P..................................~p......~p......~p..........................................~pj.....~pT&n...~p......~p......~pH.....~p..K...~p......~p$.........~p-.~pJ.~p..z...y.. x.. ...........$........2..72..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.5............(.~p#.~p8.~p..z...,4. .......$>........4...4.@..7.....................D..n4..o4..p4...4. .F
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):68633
                                                                                                                                                                      Entropy (8bit):7.709776384921022
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                                                                                                                                      MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                                                                                                                                      SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                                                                                                                                      SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                                                                                                                                      SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                      Entropy (8bit):4.065496060918962
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:1bA4iTfNyOJSEOfW76BCv3VJ/23JejO9+q23ofF8J7mX5w7uyQ3TRJe/VDkMz8Ha:xA7RJ/kJF8J743RJ+X/zvc//3OCZ34R
                                                                                                                                                                      MD5:E0D996C75FE076CD0B66E6669075C85F
                                                                                                                                                                      SHA1:E7992ACA0772CA43598FE948FFCFD423B93E80BC
                                                                                                                                                                      SHA-256:473D99E35322FDF90FB63C3D9D0527FCA9BD68270976AF26728A86B787E64A17
                                                                                                                                                                      SHA-512:12B757B25CB282839416B0E3F61EDE430E19FDB6DA7035D75FB5B2B8FA61BF26A6112C09F07AEE6CA498C1500C5DFB0CCF3CDA56C6C7EDF3E6F4378E0AB1102D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:N...>.......L...d... .... ...9..N...>...........d...h...@...@;..............................................................................................................................................b......W....1V.J.}.y'@......'@.L..r.*FC...C.'@.L..r.*FC...C.'@.....W....1V.J.}.y.....I.qk..B.....LZ.I..........................................................................j.......T.7.......~.............H...................&...........'...2.....z...,4. ...."......$>........4..`..7......L.o.w. .P.r.i.o.r.i.t.y.........................:.........z...y.. x.. ...........$........2..72..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.2.3...........'@...z... ..$........................................2..7.........1.h...?.......?...?....rA\.-?>...o.u.t.l.i.n.e.L.o.c.I.D...o.u.t.l.i.n.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.4........?ff.A......'...%.........z...,4. .......$>........4.@.4..`..7.....................D..n4..o4..p4...4. ..1..........*...........%...#...'...&...9.......
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):59832
                                                                                                                                                                      Entropy (8bit):7.308211468398169
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                                                                                                                                      MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                                                                                                                                      SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                                                                                                                                      SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                                                                                                                                      SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                      Entropy (8bit):3.227960519676378
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:vkR8k6uQnFjXTAYemY59yxZvRJ66a2eAsU4c:vkR8k6uQFjXTAYemsKZvRU6a2eAsXc
                                                                                                                                                                      MD5:9882FAB278A2C82E06FE8A9ECA010F66
                                                                                                                                                                      SHA1:07E19EF0CBF336AB651EE663736102189332F9FA
                                                                                                                                                                      SHA-256:4C13FEF6241677E9AFFAB2391347B5E1EB0AAEB7D344E4407EDB6521D0739B33
                                                                                                                                                                      SHA-512:C3812AE197739A47873A2768CB2B694AB9A299DDDBCD44EE4169C3B0D52F0EC77155F6431A34B9B3A860C5103BCE17374642AA1641CE87EFC8F0DBA029CDB51F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v........ ...-..2...>...B.......v.......@....,...........................................................................................................................................I.......I.qk..B.....LZ..n.P.....nvu.J...0.......nvu.J...0.......n..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............M...q-H.8.j...?....N...^...............7.B....L.....z.X............................7.B....L.....z.X........7.B....L.....z.X........M...q-H.8.j...?...................................n.......n.......n...........................................nj.^....nT'.....n.......n.......n..-....n.......n.......n .L........n3..nI..n..z...y.. x.. ...........$........2..72..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.6...............n3..n9..n..z...y.. x.. ...........$........2..72..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):53259
                                                                                                                                                                      Entropy (8bit):7.651662052139301
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                                                      MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                                                      SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                                                      SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                                                      SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):2.69379866006119
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:V4mldxiXUPedCDJTUlllpxiOlwQMDsUlzqhWl6sxiVlkTmUlmezTEaYUliu+3+w0:VLSdCmlJGQqlHrzlmwEaRlwaOl2i+
                                                                                                                                                                      MD5:136DCE467D61D73441524BE4310BD538
                                                                                                                                                                      SHA1:4E5F4AED9C42A4FBB106E37E4AF215FCE4910341
                                                                                                                                                                      SHA-256:009EAF2CE28727213F30C001B4CADDBCE9D73ADF41258203D88F08301710549C
                                                                                                                                                                      SHA-512:14F44C09E3AEE0124D45CFAC9C72C5420BD546DB66690442C622EC74046900DFF5AB897853FCC038AD50D98293B1494D56FD447E43BBB6FEBE496B2DCE973A05
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...........................................?..?....?.....................................................................................................................................................5.......5..E.M@.....Hx.:.{.....:.{.%B.F.<.q}...G.t..\.7....U3lG.t...a._^..pnh.qe....V*'......Ge".^.V*'...........5.......5...................................................5...q...5.`....:.{..8..:.{..T..:.{..]..:.{..d..:.{..u....................4..~...1...(...(.......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.r.o.o.t.\.T.e.m.p.l.a.t.e.s.\.1.0.3.3.\.O.N.E.N.O.T.E.\.1.6.\.S.t.a.t.i.o.n.e.r.y.......S.t.a.t.i.o.n.e.r.y.........1.......S.t.a.t.i.o.n.e.r.y............:.{..1... ..$....S.t.a.t.i.o.n.e.r.y.......V*'.....V*'......Ge".^.:.{.....:.{.%B.F.<.q}...2...........0...`................5..V*'.G.t.:.{.........................V*'..c..,.......................V*'..c..,0................I.C.V.+:*.................:.{.:.{..1... ..$....S.t.a.t.i.o.n.e.r.y...
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:Matlab v4 mat-file (little endian) 0, rows 975182774, columns 0
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):72
                                                                                                                                                                      Entropy (8bit):2.5379158065751644
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:bxldHRaHthTb8aatl:bxldH8HtNuX
                                                                                                                                                                      MD5:E09B64563124E24F01EC96A4ABD3250D
                                                                                                                                                                      SHA1:24C7DBC253CCCA4CE7D17F325015CF443FA3EDBF
                                                                                                                                                                      SHA-256:4D275D32D9D4FB97D18AD17439118546257881B64AFF2E6568414231C0D852A5
                                                                                                                                                                      SHA-512:1A48715120AA61A4C281D7FE6FB0C4EB2A55F6657A4A5AA437F39022298AD61CF7E572CB6053497A45EA87BAE2E03A27613C4C39A7796DE5579A9079F462BFC1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...... :............0.......................$..@.......@./.@............
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):0.04401584019170665
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:RRk//:Lk
                                                                                                                                                                      MD5:CD74ABACE8A00B17BD8107BC5982C21E
                                                                                                                                                                      SHA1:D53193CF8A43D766FBFA52976192F44D6B0F79B2
                                                                                                                                                                      SHA-256:B670BC07C9CB554511180DCF3F6A2C7818E8CE6E67B84784F0EA4D35EC61D516
                                                                                                                                                                      SHA-512:1B48A37FCF0F9FB9ED9B31A8F3E36596689BF1EEC6F41F5EFA3C728121944919CE7A81F0379A108D80AA051CFEF07DC296F9C0691FC8855983B2F29EC15C7FEF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):0.4935371079264069
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:NTcvzaelN/3B/GwJfabKmGDsrkYw1EVHuKmGDsrkk:Vcvzl/BOWmGw/QEtmGwz
                                                                                                                                                                      MD5:75D9C5543279AFFBAB6B3ABBC84E2CF9
                                                                                                                                                                      SHA1:AB8C79ADE1132365B8192E8285B6631FCCFDDC87
                                                                                                                                                                      SHA-256:9ED263CFDCAC33B9B2AE32FB46662622F07084AE740E2797683999B564066764
                                                                                                                                                                      SHA-512:C95D119C4DDEE281D02A4835DDFDD4CCEC4582F1CFA6E77E8DD9BB575C0DC56C1401BA8F50BDF5F9843324B8B1D32A0054F7C2426D32DE98B484603116D9103A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........~..................................................................................................................................................................................................*^.5F.....rC............................*^.5F.....rC.....................................................................................................................P..............................................................................5........m;.H....7.5N..........b...........b.&.r??H....T.N....N...^...........................................................................................................b.&.r??H....T.N............................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.740981190377394
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:ym4pNa9/nUxz3LczExyw0LeABlkw0LbECLYcwEwLAJxPZOcA18LEGi:1rMxjiExyLqAgLfECEpEwcvR1O
                                                                                                                                                                      MD5:4DD577F08EDA969F3CA9CF541E5CBD34
                                                                                                                                                                      SHA1:62376808BF150C84622470FBE8968C4EF909E9EA
                                                                                                                                                                      SHA-256:C1CF7442C289191D8CDE1BEA6AEE59C4AEC4CBA459DD2E90F021E6FA086811AF
                                                                                                                                                                      SHA-512:9E63D6F92717D82BD9669DE295125554E5E7FC1977F79C77EC0D60DE2F30B9BF7A76B0CA92B1E4623165F9BC7B7CCF5AC3F113E7E03F6943F7243C33E26F3E2F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:j...(...`.......L..................................................................?....................................................................j...(...........L.................................%.......%......7.E{..T............>E[.&. NL....^...Q.)..3}.J.^....%......7.E{..T..%.....>E[.&. NL...........................................................................I.A.....I.A....2~..,P....{.......{...F..i..Y..2.......^.........................%.....I.A...{....^................|.....X.........2..............."...T$....X.T.R..x~.T%j........{......^...c..,0...e...B4.$..........C@RQ.H..B......Y............................G..I..u..(*4.^.......^...Q.)..3}..I.A....2~..,P..I.A..@,.G.3.,.v.....@,...{...F..i..Y...{.....>...........:.....%......7.E{..T....>E[.&. NL.....{...F..i..Y.......x~......I.A..c..,0...e...B4.$...........I...M.....0...............................0...........e....4..................T.i.t.l.e.......|{....B.l...R......(....Y......(...D...L.e.c.t.u.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                      Entropy (8bit):4.741068358185637
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:DsPiePYNpOSbXq41RiyeD3N6NAgLF419MPsZG1ld+18g:4kuSTv1Ri1n0FSMPs
                                                                                                                                                                      MD5:22E6C741B66FCF2DC0409DFCAF6AF6E0
                                                                                                                                                                      SHA1:EC268D53E79CC84246542556192299E487D8C31B
                                                                                                                                                                      SHA-256:DA6CA5A17F7CE79EA877B5598B036FAFEB26137312ADA7FCDD4B71016F50F7D2
                                                                                                                                                                      SHA-512:DD952BE8C645BB7A7FE9CA61162BF7227A62B4654476213BCDCC045D1E99715C5B54E4AD225D9479C58172ADB4F8E74E0CAE1D25F25084A816BB349FA0AC9201
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......t...v...h...................................................................................................................................2...>...P.......v................................I.......I.qk..B.....LZd..4...d....F....p..Z.d....F....p..Z.d...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............kT.R^.,L.-........N...^...................\..D.[................>...............................$....I.qk..B.....LZ..............kT.R^.,L.-..............kT.R^.,L.-.............d......d......d..........................................d.j....d.T%;..d......d...W..d.H....d...+..d...S..d...........Z4...........................................4../4......p...............C.a.l.i.b.r.i..................d.:d.kd...z...y.. x.. ...........$...........7...7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.3
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):40884
                                                                                                                                                                      Entropy (8bit):7.545929039957292
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                                                                                                                                      MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                                                                                                                                      SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                                                                                                                                      SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                                                                                                                                      SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                      Entropy (8bit):4.427250202293727
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:/sQZsBKK0fD76rQKo8L+09vi8oQRTuRVt1BgNcXqwOMRkrh/aAzNiWn9TMcjlje1:0mB8Qt4+043QRsVt1i0qaRkrFaS39
                                                                                                                                                                      MD5:A8EE8CB4406016E2D3E052C16DC02633
                                                                                                                                                                      SHA1:79C7B35064A3DC7C3273F6DD2925A5173E84BA31
                                                                                                                                                                      SHA-256:304B96A882AB24A2514E98F72B869CB0A0B4503CC71F92FF6BCDE9AFDE059C5C
                                                                                                                                                                      SHA-512:850F8B77F3A84EB9B211727127D2171F0AFAA744835B8297EE4A758BE6035CC23FB072EFAB856127D1086B047DB33354E9CD98E298EEE949845030A06AAF3115
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v........ ...)..2...>...B.......v.......@....(...........................................................................................................................................I.......I.qk..B.....LZ....H...........2.w&.H.........2.w&.H......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............|.......%...o#]p....N...^...............+..K.M.J.|'..._............................................"....I.qk..B.....LZ............|.......%...o#]p................................................................................................j.".....T.................T............. .A............. ...........3...:...8.....z...y.. x.. ........ ..$...$........D..........7...7.........*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.1.5........................Z4...........................................4../4......p.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):24268
                                                                                                                                                                      Entropy (8bit):6.946124661664625
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                                                                                                                                      MD5:3CD906D179F59DDFA112510C7E996351
                                                                                                                                                                      SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                                                                                                                                      SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                                                                                                                                      SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                      Entropy (8bit):4.641893341262964
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:/s49sIhx3ywVWuXK9hjnGYv15weUniL+7B6Xs/WSRpC577KTpxWr/A19APANYA:0Z2x3yKanjGYvkeUnT1Us/WSRpjdx8/i
                                                                                                                                                                      MD5:5F3EC0854FF5B7EF7545FF185C91572B
                                                                                                                                                                      SHA1:93000AF37EE8821235CF9EF93CC7E228F26437D4
                                                                                                                                                                      SHA-256:C70914C506C22078ADFDB5F7AEEABE56B6EEBACA10DC477624CA378723C15714
                                                                                                                                                                      SHA-512:470455C59BA5A0796E5D0EC0957DB340F18053859C631A0D7E7F6EF6E456B59F5E6E6CB2CFCE997C31FF9C6B3BB2888F3B6A518C840F5AC9C7F4542E7ADFFC5C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...6...z...v...N.... ..X,..2...>...........v.......@...H+...........................................................................................................................................3..N....3..r.>.,Gk.C...I.......I.qk..B.....LZ.3..r.>.,Gk.C...3...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............R...y...R.r..p.....N...^................3..v.6F..../..(............P....................................I.qk..B.....LZ............R...y...R.r..p...................................3.......3.......3...........................................3.j.9...3.T.....3.......3...s...3.H.....3...0...3...`.&.3...........3.3.3.:.3.A.3.8.3...z...y.. x.. ........ ..$...$...............7...7.........*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.1.1................Z4...........................................4../4......p.........
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):39010
                                                                                                                                                                      Entropy (8bit):7.362726513389497
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                                                                                                                                      MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                                                                                                                                      SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                                                                                                                                      SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                                                                                                                                      SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                      Entropy (8bit):3.9377703612737327
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:Q9sbj6L9vjjoaCD1gsPMReLksMPDNXEdi83wqUxMwY8SAUhXr2ey4DHg4EA:Zbj65vPOD1NPMReINEdiWwqUmwPjgtyE
                                                                                                                                                                      MD5:3D02E9E974057758A1CF3211C69FEAD1
                                                                                                                                                                      SHA1:7F4189FDC2C8CCB9F430D48BCC5B850EFD5F0137
                                                                                                                                                                      SHA-256:88ED2AB170EF9BA3FB15EAE93FBDAD360E69A63874FB5BE73DB72006267C7E73
                                                                                                                                                                      SHA-512:4ED7CE94A38BF011E170B905B72E9D5F1970009A2039DDA9AC0E731A83D7664AFE5007A5470FD0E542C51826A7C9E2ADDBD868B7D853DA90E441C77AFDDF7881
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....>.......B...v.......0 ..x#......>...........v...^...@...h"...........................................................................................................................................I.......I.qk..B.....LZ.m......m$a.V...^...,..m$a.V...^...,J.m..#.2.Ag.9k..R..].#...I.qk..B.....LZ.I............I.......I...................................................I.t.....I................................................................4..'...'................w....fT...=....N...^.................xI.? H..K..W.N........b...8....................................I.qk..B.....LZ...............w....fT...=..................................m......m......m.........................................m......m$a.V...^...,J.#..8....#.2.Ag.9k..R..]2................................I................................mj.#...mT.G...m......m..Q...#.H.....#.......#.$.7...#...........#.!.#...z...,4. ............................"......$...7...............T.u.e.s.d.a.y.,. .J.u.l.y. .2.8.,.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):59707
                                                                                                                                                                      Entropy (8bit):7.858445368171059
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:k76rvGc8WKC2/UX1uEgVRY/jvv9CblyL/T:k77Z5C2/Ow1e9CblCT
                                                                                                                                                                      MD5:47ADB0DF6FDA756920225A099B722322
                                                                                                                                                                      SHA1:851946B8C2BD0BB351BAEECA9E5BB6648A87D7CA
                                                                                                                                                                      SHA-256:EC8CD7250F3D82E900E99114869777EE859EC73EFFABED108815F65742078C3A
                                                                                                                                                                      SHA-512:85A9920E1CE4A2FCCEBAFA425C925DF33580FA3C3C00178F058539B2FBC0163866DB8A41B320E2EF2CD217F00FFA06A1A831C728D3F9F910C9EAC58B5DA76E2D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..A..Qaq"....2........B#..R.b3$..8xrC4&'W.%e.(.c.d.5E6Ff..h..SsTt..u...Gg..H.....................!.1..AQ.aq.".......2..st.BR..56.r#3.b.S.4c%...$d.CT............?....3.7...G:../P....z..K.:6..w......6....... .z7...~.....{gdF60...9....{...'[N....m.........z...g{.......7...4..1..=.z...._..p...m..Icd.~.v..9.P..0Z(.<j.......R6zm.....v.z...>x..)=g........zo{..w..f..y.t.....%.D..#.}.I.>).H.QM..cLD..x.../.^y.{.............y.=^.......I.T.......U..0_?...u..og..3.ky..K....6w...Dc......~........ik.z....N...en......_.....x....._u...4.{..P...>.....}.......>.R.....m.....[mt.....}.........|.....m......~....B.F.]C.36..q....yg...{]...+.DZv.9<.o..;..N.n&im.,....w.3...V.s...Y..e#$.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                      Entropy (8bit):3.8638336147820063
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:7wsbWVClpGHait+moKcCXuK0RlXzIC4gvaE+N9qZbGy/fro:ZbrlgaiUmoKc8uK0Rl8C4E+PqnX0
                                                                                                                                                                      MD5:BB2DED4BCDFB04A3CF28BBFF8F480DDC
                                                                                                                                                                      SHA1:839D2612BFA0EFC15488C8FED78C0A4C4B6BBCCB
                                                                                                                                                                      SHA-256:E0585DE892EF0A387542492A704E92B94F3E8F844D971992D2D3E7AFA03016E7
                                                                                                                                                                      SHA-512:410364956DA3B059AD95B5F584B0B88C6B6093FF08E409DA57EF26A6824D9D40B58D5AB23858D30B6312ABB1D0E7FCDD3657582DF41ACE5680E24BA6A9CB8F18
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v........ .. "..2...>...d...<...v.......@....!...........................................................................................................................................I.......I.qk..B.....LZ.<8.<....<8..c.....gR..<8..c.....gR..<8..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............QJ.BQ.<Mu2.g......N...^....................owJ....;.s.............................................D....I.qk..B.....LZ..............QJ.BQ.<Mu2.g....................................<8......<8......<8..........................................<8j.....<8T.T...<8......<8..|...<8..;...<8..h...<8......<8 .W.....'.<82.<8..z...,4. ...."......$>........4..p..7......S.u.m.m.a.r.y.........................<83.<88.<8..z...y.. x.. ...........$...........7...7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.9..............<8
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):27862
                                                                                                                                                                      Entropy (8bit):7.238903610770013
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                                                      MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                                                      SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                                                      SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                                                      SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:big endian ispell hash file (?), 8-bit, no capitalization, 26 flags
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                      Entropy (8bit):5.345246818643987
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:vnapN9oAw0nok7XxkyOUvrC15pbYWASKY0asLj8jDRZdGI5yfDWggXXg:v0NokVkcZ2Pk6z
                                                                                                                                                                      MD5:FC1ECE03D0B20613B689295EF0A1D718
                                                                                                                                                                      SHA1:C63832912F52077F15003051C46129CF1E2F6216
                                                                                                                                                                      SHA-256:12E49538098291344804216312425CCA30129099A43CC43FD4F63BA04F03E230
                                                                                                                                                                      SHA-512:74B7B61794685F225E0E97E9DE42A5C1786F115371D49432E5E457E9C2236DB4801F3C21276DAF2C7CA7B948A56C81DC815859F2759E9CF151231E24EF7CE3F5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:........`...........x....@.. !...M..............................@K.. !...K......................................................................................(................K.. !.. L..............#.......#..v.......)..N................9....:F....+P.o.*../..............v....Z.a.......p.......8.B.....p..........a......a..................................................\..T.......T.S..'..T.....?"T!d..h5'T.....9T....0.gT!....sT"0...........0...........e....4.........................A..:4E.2..p1......(...`.i.....(...(...B.a.c.k.g.r.o.u.n.d. .-. .Y.e.l.l.o.w...j...P.a.g.e.L.o.c.I.D...L.o.c.V.e.r...P.a.g.e.V.e.r.C.o.m.m.e.n.t...P.a.g.e.O.v.e.r.i.d.e...P.a.g.e.N.a.m.e...2...0.0.0.1.9...1.....0...U.n.t.i.t.l.e.d. .p.a.g.e....?"......?"<...B..A!..T.^.t.....^.t9.7.J.....}.2.......4...........D...................-j..\....?".h5'...)...............0...........e....4........................yf.....F.Q.........(...pO;.....(.......S.t.a.t.e.m.e.n.t...j...P.a.g.e.L.o.c.I.D...L.o.c.V.e.r...P.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.076910012448379
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:bQsDlmk88nhtLtsEau8PXHW9HK1hGToyrdHrMI7SdXexKtuxgTKQupM:8sM8nh3sEauWX290GTLRLUx
                                                                                                                                                                      MD5:22BD789906070E4736129DC2C1AFD56D
                                                                                                                                                                      SHA1:F837CD0F398BC831B08F6E486851E2DEEE6536AD
                                                                                                                                                                      SHA-256:68E813EE849FDB1EBFB7C1B1EFA436EDB5BEC94CE1DA7477CD0994C9A1A6D6B0
                                                                                                                                                                      SHA-512:BB1597CB6A7FE37BDEB1AE3F494283CC164C3BB110D80DF752DBEA935C70A54624D7120067861C62AFA75EF972D53A5F0502DB637981E2A1DD6702CA115ECCB6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>....... ...v....................................................?....?.............................................................................2...>.......|...v...H............................I.......I.qk..B.....LZ..%.......%.....+...u.']..%.....+...u.']..%..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............q.......!.B..z|.....N...^................n....J.k_e#..2........f........................................I.qk..B.....LZ............q.......!.B..z|.........q.......!.B..z|............%.......%.......%...........................................%j......%T.]....%.......%..B....%H......%..B....%..>.)..%..J...................;........4...4...4.."................%...%...%..z...y.. x.. ...........$........4......7...7........................;........4...4...4...........%.......%....#..%............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.094336212767361
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:O0sIYx2hwaNSctQRtotMEfmPX/c9u8GJTo0rdqrmInddXNxAe4ky6eBeNx3Ka:dsP2hwaNSc0t6MEwXE9uDJTtRyPdses
                                                                                                                                                                      MD5:5676C5B5268A9CB374B8043B0798497F
                                                                                                                                                                      SHA1:82D6570836BE39D3648754E4639DC376DBD6713F
                                                                                                                                                                      SHA-256:0A869B91ACBDF9AE19387C430E4DD0A9E59D3837032B1A083492927E8D2665F6
                                                                                                                                                                      SHA-512:191F55C0F4CB086DBD884E5C23E08711EC9B405E8EA46915715A11C1A3AD9E9EAA9CD7D45B4EF355E455D29FE8A205092E7EFE4A73391E11C4541A5D3EEA6DBB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......&...v.......................................................................................................................................2...>...........v...N............................I.......I.qk..B.....LZ`.......`..s".......R..~`..s".......R..~`....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............R.pp....#...0:-.....N...^...............(.WD..oK.}o..Q.........f........................................I.qk..B.....LZ............R.pp....#...0:-.........R.pp....#...0:-..........`.......`.......`...........................................`..j....`..T.]..`.......`...B..`..H....`....B..`....>.)`....J...................;........4...4...4.."..............`...`...`....z...y.. x.. ...........$........4......7...7........................;........4...4...4.........`.......`......#`..............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.081239289103376
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:8YVP5sXWyb/dSY6UtnQEE3pWXw9cBRFToMrd6rjIJdX2CaJSBhH0JA1SDg:FspVSY6UrE34Xw9cRFTFRi6seg
                                                                                                                                                                      MD5:0E7786715BC6CD5787A74DEE22FF0996
                                                                                                                                                                      SHA1:235525DEB5866443BB87AEA67042B49C3B23270E
                                                                                                                                                                      SHA-256:6A361C712E401DE97B761409ECB97E59E5691DC854A397DF824A2E3FC80DF35C
                                                                                                                                                                      SHA-512:2764B0ABAAB07EC650C61DB9B67B9E716B1E4C0AA4EA7E8C7DD841A0C8E62D5262DDE7A9392E0D97325EB33460D7A793957640F79FB1430D23D7300DDE28C814
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......$...v.......................................................................................................................................2...>...........v...L............................I.......I.qk..B.....LZE.......E....-.......Z=ZE....-.......Z=ZE....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............c.!.7.H,.D >....N...^.................B..(2E.7.............f........................................I.qk..B.....LZ..............c.!.7.H,.D >..........c.!.7.H,.D >.........E.......E.......E...........................................E..j....E..T.]..E.......E....B..E..H....E....B..E....>.)E....J...................;........4...4...4.."..............E...E...E....z...y.. x.. ...........$........4......7...7........................;........4...4...4.........E.......E......#E..............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.076270114141623
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:5spzdlRkf9hEbXM9hO3TLRrtR5dmBu+/Go:5spzdlRXbXM9k3vRrtR5dmBu+/
                                                                                                                                                                      MD5:60DB10123097888581F4CF209AC1938E
                                                                                                                                                                      SHA1:DE8FCB20516B011B95900FA92DEEBC21875D91E9
                                                                                                                                                                      SHA-256:32A7F1F3AC0A8A551E72F9C2B6C61772BB885F7C6FF4E349679DFBB471753424
                                                                                                                                                                      SHA-512:3C7173F342C4FF606A177D0418D29A54A78C6E9A412C742A9B7E56BE3F21072FC7A5AECB8F4D1D8AAE83CE62B8930738AFDA61E0100D7EF4A17399331A47F56F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......$...v.......................................................................................................................................2...>...........v...L............................I.......I.qk..B.....LZ..i.......i`.kp..8.:..at..i`.kp..8.:..at..i..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................|5.'...........N...^................4.6..N................f........................................I.qk..B.....LZ................|5.'...................|5.'..................i.......i.......i...........................................ij......iT.]....i.......i..B....iH......i..B....i..>.)..i..J...................;........4...4...4.."................i...i...i..z...y.. x.. ...........$........4......7...7........................;........4...4...4...........i.......i....#..i............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.038481850628888
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:F/s5GZnrCEKU0t6hkEHhQXQ9nWfL2TofxrdqrNIOdXK/Ga9Jwg:F/sSnWEKU07EH+XQ90L2TaxRyzA7w
                                                                                                                                                                      MD5:83BEF6F2036DA87D942C5CEC273724A0
                                                                                                                                                                      SHA1:9B23101480793AF70F6ECAE41CC9BE0EEB3A67BC
                                                                                                                                                                      SHA-256:36A9F58717232C89EE07012504CA83D73D62F201B97F0A8753589B89EF10317A
                                                                                                                                                                      SHA-512:6AEE0F230065DAA4F9A334A91F9D17F86C19D020C854B526F32662A5B47A361911B5A2ABF26DB5F8464A9C3CE881F888BF28A623D73B672E224EE2289FBDD3AA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......$...v.......................................................................................................................................2...>...........v...L............................I.......I.qk..B.....LZ...................`..............`........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..................k.....a..C.....N...^................h....;I./.-!MuJ........f........................................I.qk..B.....LZ.................k.....a..C..............k.....a..C.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.049766524245263
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YFsVw9T0b6u+tjKmEE3X89NgToG0rdDruI8dXT0tRc2KO:WsqT0GPjE2X89NgTGRPcZuK
                                                                                                                                                                      MD5:B79F3B5C0BEC3C2245F94DDAB4297623
                                                                                                                                                                      SHA1:5C30B8742622ACD10641BFF76D1294CB8AF50E84
                                                                                                                                                                      SHA-256:2B7BB84EFD6541D02778E2A133BE9EC590E3B2AC2635CC38BF66D95F224A3134
                                                                                                                                                                      SHA-512:728949355362697FD7979544CACDA21DE494EEB368AF311C059EE48940B011E3E66C8E6829971F3641DFD27367FAD3452C494F01DFF0729FA8C44073C5A65A91
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ.\.......\...G.=..=....\...G.=..=....\...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............x.*S'.......^e.....N...^.................Z9U..L.M...0..........f........................................I.qk..B.....LZ.............x.*S'.......^e..........x.*S'.......^e...........\.......\.......\...........................................\.j.....\.T.]...\.......\..B...\.H.....\...B...\...>.).\...J...................;........4...4...4.."...............\...\...\...z...y.. x.. ...........$........4......7...7........................;........4...4...4..........\.......\.....#.\.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.068090087443311
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YfvxsTi0QL8sxXxt6qNm3SEYwaXTQ9hmqTogrdmrTI9dXzFRTL8p8rlH/V:isQxXxsuNEYXXTQ9hmqTNR2a5
                                                                                                                                                                      MD5:9C50D37021C57837BACE8BE2BB8F9B8C
                                                                                                                                                                      SHA1:737986F266ADA667BA6AAB6DA6F97128A8CEB299
                                                                                                                                                                      SHA-256:D870FB43FF580BF9F9C4C994315CEAC17DCBEF5AEE8C586A1E9A29AC9FDAF537
                                                                                                                                                                      SHA-512:C26B94EF0FC7BABC1146ADC8AD1D2697CC44366AB4A677FB8621987862A9F18E03A644C4AEEDEDB4F17CD6F80D1EBF29E8B74FB89381083D1FD719A765775E4E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................!.......!.v..*...W.,o.s.I.......I.qk..B.....LZ.!.v..*...W.,o.s.!...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............5.C..J.5Y...F.H....N...^..................66..M....nl!.........f........................................I.qk..B.....LZ.............5.C..J.5Y...F.H.........5.C..J.5Y...F.H..........!.......!.......!...........................................!.j.....!.T.]...!.......!...B...!.H.....!...B...!...>.).!...J...................;........4...4...4.."...............!...!...!...z...y.. x.. ...........$........4......7...7........................;........4...4...4..........!.......!.....#.!.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):3.9456700030764873
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Y0esmABjqnvm3tKiEn6r9XNe9KQ4TofrdvlxrIIJCdXMNRdIa/F:7esBjovm3rEoXo9Z4TGRHbCg/
                                                                                                                                                                      MD5:16FA9318D4AC04BA1A7B73BC6C1F61C1
                                                                                                                                                                      SHA1:8487656DABC1A11890476E7BEA6633D3BD7E8F9C
                                                                                                                                                                      SHA-256:22F9F36A50A38A9D4E7BD9F84A4D1C1F893A2B5A2514CA182F8850BAAD42CD80
                                                                                                                                                                      SHA-512:7F6A68EBC8F719380904D6516F6ACF1DB20359E5357334596BBBD40B3B851A83D9CCD5388724DB7B6177F3156D67BECEDFDF23B2478C8C40CDC18A75E924D00D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J......................................$.4....qF..y{.I.......I.qk..B.....LZ...$.4....qF..y{.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............:zF.....0h.p..s....N...^................1.....G..S..h<.........f........................................I.qk..B.....LZ............:zF.....0h.p..s........:zF.....0h.p..s........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.037323697551875
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YxsxXb9mDyfetiSEXgZsXY9lxN8TobrdPrhIIdXAFRn3c6:Ss8yfeTEXgyXY9lT8TaRjNQc
                                                                                                                                                                      MD5:6FDEBDC99D7AC6ED2571C1B4C2FD5D83
                                                                                                                                                                      SHA1:5CC91B6337F14287AFD60266F05E8A2F2C1A2109
                                                                                                                                                                      SHA-256:5C948A1006B1E370D123F5DB76FD813AEEDC919F4649C2398C3AC5E3FE97640F
                                                                                                                                                                      SHA-512:6AFE7660615C87CA0702E41CA025EFB19F491D295B131AAE3CE8C83BE43637BAF672A2069D6952F6C6A8F654A0353F052058249CF7CAFA9B6FC760893F013A09
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J...........................#.......#..z.=..:.P.....I.......I.qk..B.....LZ#..z.=..:.P....#....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................ .j.....@...w....N...^.................1....L.....=.Z........f........................................I.qk..B.....LZ............... .j.....@...w........... .j.....@...w.........#.......#.......#...........................................#..j....#..T.]..#.......#....B..#..H....#....B..#....>.)#....J...................;........4...4...4.."..............#...#...#....z...y.. x.. ...........$........4......7...7........................;........4...4...4.........#.......#......##..............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.094960175860467
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YHyQs7eZc9UGtn1A+E86XHs9AzEmToxrdQrCIR8dXSFRsF8l:CsdUG9FEjXHs9cEmTkRI2S
                                                                                                                                                                      MD5:C4191334CE27B1C07A52654B744A6747
                                                                                                                                                                      SHA1:24213116E0FB94C0BF8DB361CDEA1DEC31B0F323
                                                                                                                                                                      SHA-256:CD94A0CF8B6044B5013989070D6AAD1C096EFD27A3A1B9F4661FA945D2A9BC6C
                                                                                                                                                                      SHA-512:3DABD6DCBE7DB5105BC54FF7DB84A9B721EBD214F9793A0317BB29261B62B4DAB3A40CAB04871E7CAA795FE020D4F9755EB32CE95A0F4A35D5E07E229293D3EB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ..........bj...w=&.1G....bj...w=&.1G.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............A.Q=7....!.y{.d....N...^...............dqDJ..{C......j........f........................................I.qk..B.....LZ............A.Q=7....!.y{.d........A.Q=7....!.y{.d....................................................................j......T.].............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4......7...7........................;........4...4...4......................#..............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.07054113445236
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:6sNoSO9JYz+7Ef9XY9dmTsRfwyDSIbVl:6sNoSO9JYBVXY9dm4RfwyDSIbV
                                                                                                                                                                      MD5:10FDC047448ACEF574616B59A81CE500
                                                                                                                                                                      SHA1:C3A98D80AB867E7BE4D1B6F49194EA25D22C2E51
                                                                                                                                                                      SHA-256:CD30C97787724815F3E78C6A7B8FD5C9AB7D5C546E616E086C7D01C33ACD6ACA
                                                                                                                                                                      SHA-512:37ABFED3C1BEDCA3D68DA813BF2BD21F080C736AE2D5E33E027E8AAF9533B6A1C64395EC7C2E684CCBFB60F9A4A93BBADFD2A6CBB804DB0E7FBE5C4633EA6274
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZuk......uk...Pt..o..4.uk...Pt..o..4.uk...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............6...5......,g......N...^...............T.gkFo{H..t...=........f........................................I.qk..B.....LZ.............6...5......,g...........6...5......,g...........uk......uk......uk..........................................uk.j....uk.T.]..uk......uk..B..uk.H....uk...B..uk...>.)uk...J...................;........4...4...4.."..............uk..uk..uk...z...y.. x.. ...........$........4......7...7........................;........4...4...4.........uk......uk.....#uk.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.096992569740122
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Y1syrhRqyICrtGmEFn0XU9D1QTo3rd2trc/IcdXU1RyqLCqjBh5:msyXqHCrbEF0XU9hQTyRecDHqLHjBh
                                                                                                                                                                      MD5:9CB0AA2C67D1ECF73CFD5E5CEF3A31D0
                                                                                                                                                                      SHA1:E775DF98A7EA3DD2D1EADF38915E38E23CAD9BE9
                                                                                                                                                                      SHA-256:DF574B4BE9B254100F0E685013C227D7C30416900FB39A391B05C24008B9C757
                                                                                                                                                                      SHA-512:D0543701A86112018EA47EA01272939D245617705BEB18482C3AD023AE70F82395A93865225048067A1848E5E862206BB9FB649B27BBDA1D1E8B31805CC026B6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>......."...v.......................................................................................................................................2...>.......~...v...J............................I.......I.qk..B.....LZ.b......ba.2..=.D.%.].ba.2..=.D.%.].b..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............G.V?.....|+.R......N...^.................z..O.....UM$........f........................................I.qk..B.....LZ.............G.V?.....|+.R...........G.V?.....|+.R............b......b......b..........................................bj.....bT.]...b......b..B...bH.....b..B...b..>.).b..J...................;........4...4...4.."...............b..b..b..z...y.. x.. ...........$........4......7...7........................;........4...4...4..........b......b....#.b............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.09611850265089
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:1siHABgEIkTtZtsEtFX096LFUTo8YrdfokrBI4zdXiCknJoMlMa:1sskThsE/X09mFUT0RfHPzfOHlM
                                                                                                                                                                      MD5:CF7D220145CB44885E0839B105D89986
                                                                                                                                                                      SHA1:98383A6DF96620E9455C3633059FCAAFA794E13C
                                                                                                                                                                      SHA-256:C03B107BCA50DC3E76080CF6CC60D67472CABF96F37C602D8A58C1648549AC97
                                                                                                                                                                      SHA-512:2EBE5426341DC88D84A0389A0C71BDBF214F9AE31B87859BACEA26BFC2C23A0855A2D0C167170753381AB63246098B67F4CAB559747ABCC52C03176875928110
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......&...v.......................................................................................................................................2...>...........v...N............................I.......I.qk..B.....LZ#DW.....#DWp...=......4#DWp...=......4#DW..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............K....."....6......N...^...............z.."...A..l^.W.M........f........................................I.qk..B.....LZ..............K....."....6............K....."....6...........#DW.....#DW.....#DW.........................................#DWj....#DWT.]..#DW.....#DW..B..#DWH....#DW..B..#DW..>.)#DW..J...................;........4...4...4.."..............#DW.#DW.#DW..z...y.. x.. ...........$........4......7...7........................;........4...4...4.........#DW.....#DW....##DW............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.07482800928492
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:LeGsAfhBIA9GtZt5iEno3iX89WHToqrdlrYhIzdXT5D53iNkwE3iIpCa:hsWIA9G5YE1X89WHTrRpnzp86BI
                                                                                                                                                                      MD5:27D2392428E2C66C1AD27DACE7F82943
                                                                                                                                                                      SHA1:8A8D2654DC92904AE317A653DF87EBD227C9D394
                                                                                                                                                                      SHA-256:21DD3865651D95B7D43C71B45C746704C1C7565F50589388852FB4C0A5EDB561
                                                                                                                                                                      SHA-512:188C049F99FF5330A3DC9A9229F66EF9BC58BF829675C6E27ADB10DDF8D46A50AD9AC6B19827825D37204B913EA7B0BD678937A6A7857B33A751D83AC50B176C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......&...v.......................................................................................................................................2...>...........v...N............................I.......I.qk..B.....LZM......M.p.1o.<X^.?..dM.p.1o.<X^.?..dM...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.......................5.s......N...^...............'.a~8.B.)..e...........f........................................I.qk..B.....LZ......................5.s....................5.s...........M......M......M..........................................M.j....M.T.]..M......M..B..M.H....M...B..M...>.)M...J...................;........4...4...4.."..............M..M..M...z...y.. x.. ...........$........4......7...7........................;........4...4...4.........M......M.....#M.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.084348226774586
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:ps0s2jmh/X6za6mmtYoKItQEdKIXvI9c3O7To7rddr/InQdXwATkqXABOUj+dS0a:pDsC/a6mmMaQExXw9CkT6RRWQZTk6S0
                                                                                                                                                                      MD5:D05B71A4AA76A2A0AE1BB03684078ACE
                                                                                                                                                                      SHA1:25BEACB597F47F906CB1600BE18FFE4BF2BD4334
                                                                                                                                                                      SHA-256:9BAE0F5B588B8228766FF0B2FEE2A905A58EF72A914D9852D81B1B3EB3C56620
                                                                                                                                                                      SHA-512:B99610923831DBAB05A11C47DB6ED2020C661F7B8BCCFC9D08F0B604678B5C07DE0158F1AA2E3628FBB257BFD5209D3D6681905754FFB9046DE019F0BBE1938A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......&...v.......................................................................................................................................2...>...........v...N............................I.......I.qk..B.....LZ...........%r....s..dQ.....%r....s..dQ.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............:...lM...0.x.......N...^......................H....5...........f........................................I.qk..B.....LZ............:...lM...0.x...........:...lM...0.x...........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.131900141509632
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:6slnOJM27iDSu02E6XM9hznTvRvLfOZJxb6:6s927BuA6XM9JnrRvL
                                                                                                                                                                      MD5:B7CB90E0853224676BBD58707C487CDC
                                                                                                                                                                      SHA1:00146CAC6368CC3926B034C9ECCB9AD6C6A79FC1
                                                                                                                                                                      SHA-256:6D20332BB30B2ED7A28FDFC3F50F4F3BA91C6F345C6EF37E9A21574E66AD692E
                                                                                                                                                                      SHA-512:59CD5E1036B3FFD735307C3908CF18A331D2D3847A3A090D2C5EB2ED5757A541412CAC09BE45026BD25F22951C7EA98351F59000BB861E8103B85497BF67C68A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......0...v...$.................................................?....?............................................................................2...>...........v...X............................I.......I.qk..B.....LZ...........~.P........I....~.P........I......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................G......2~..c.....N...^................/-....B..o...R.........f........................................I.qk..B.....LZ...............G......2~..c............G......2~..c.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.172238253541572
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:GsTm+Zenit/ZtVqEPlOAIXrI92yHfTotrdQrSRIJdX1bx1Zly4Vbig:GsJeniRTsEPMXM9T/TURIvjz7V
                                                                                                                                                                      MD5:5A6FE98EE692EAB4AAE0E86724BD2761
                                                                                                                                                                      SHA1:A2E25CECF5720B12C6FFFE423FB041BD9918B9E3
                                                                                                                                                                      SHA-256:B28090FE8167FB4CDE8E70C8A9D3BF52A42F9BACFF430B6865D2F0EDBF330267
                                                                                                                                                                      SHA-512:F41711910EEEEE8726FCD1359C073454774FC759DA3F44277F7B1DBBCF43D253452386E45C3F5F8808E19E8B07ECD8018566735D970E554CB47501433C7ABDF5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......0...v...$.................................................?....?............................................................................2...>...........v...X............................I.......I.qk..B.....LZvs......vs..(..=...B~t.vs..(..=...B~t.vs...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................&.......^......N...^...............m^.....I...8............f........................................I.qk..B.....LZ................&.......^..............&.......^...........vs......vs......vs..........................................vs.j....vs.T.]..vs......vs..B..vs.H....vs...B..vs...>.)vs...J...................;........4...4...4.."..............vs..vs..vs...z...y.. x.. ...........$........4......7...7........................;........4...4...4.........vs......vs.....#vs.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.134589252181396
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:NsJ8HTaXFEBA76X89yTaRK63HRH3HdH2HRm/HYH:NsmzaiA6X89y2RK63xX9Wxg4
                                                                                                                                                                      MD5:D1271F9EDEAEE96CB3CCC19A4EDC207B
                                                                                                                                                                      SHA1:016F1ED947AD07726FB2BA7E5FF185B46F254A2E
                                                                                                                                                                      SHA-256:4F0B863EDE0C3FBDBADB2D12C7FA608CFDFC6C4E61E8955FE49545B00EABB8D1
                                                                                                                                                                      SHA-512:8DC0D328E6B68DCA4A517B2E200F8A5018CE8FCC324CD67C6B7FC6A888A6EBF7207711B5B358C02722094E5C2CA04D4D50FB1B580AAFE9E1CCDF8367FA8E6771
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ.............W.......Y......W.......Y......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............0........>.$.....N...^...............sLb.^[.@...k|}h.........f........................................I.qk..B.....LZ..............0........>.$...........0........>.$.........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.138705050192552
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:j3wksaXweYpt6tS5VGE7CWXXOr962HToQrdSr2IxdXWCExNo4V:NsaY36E+E79Xk96QT5RKJI1
                                                                                                                                                                      MD5:5CE714D7E699B20C8583341537010A90
                                                                                                                                                                      SHA1:E2E400066617E99A2436E532654F5DE27DECCC81
                                                                                                                                                                      SHA-256:C998398B420D037B2810EA8A20E491C5274A3057AE42FEF867184FE7063326B1
                                                                                                                                                                      SHA-512:7EA1A5C13E583E653F0BFC61694100F074AC1B044589A78B74624B715682D25E9F64687D31A58F41265B17D047264B4113321365747C16DDB5CB54DCCA79B055
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ............#d6.(&..........#d6.(&...........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............8Y....I.+..7+.fv....N...^.................%.=~IA..u%L.V........f........................................I.qk..B.....LZ............8Y....I.+..7+.fv........8Y....I.+..7+.fv........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.138003548264813
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:u6sdqednxkt4SEEC/1X5W9sroxTo2rdSrBDdI/dXB8xg9w5:u6sdnxkBEE4X5W9NTfRKBDCw
                                                                                                                                                                      MD5:205E289206A94CC981D4CC46E96BCA4E
                                                                                                                                                                      SHA1:A8C45FD847E9B4148EA7E30F4D852C044CF036CE
                                                                                                                                                                      SHA-256:33D85175F2F4BDF321743C9ECDC1BA35199E26268A4A6AD1E186ECC605080367
                                                                                                                                                                      SHA-512:049045E4C1F8A71CDD9D5BDDB49680D3CBFCD0490C59E70C500F192F1B90F92D28416A4F1A6373BB24831324D6B2207B05602EBE65E576818C121B7AF0F131EB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ...........|........M.c...|........M.c.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............)./..G....,O..j.....N...^................r.9...L.....~n.........f........................................I.qk..B.....LZ............)./..G....,O..j.........)./..G....,O..j.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.107905641015744
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:45kseZrGJMFE2RXE9hTjRKT8S3ralSgn:45kseZrGJh+XE9hPRKv3ralSg
                                                                                                                                                                      MD5:2C52288E53C899DF18924DA6F0B5E93E
                                                                                                                                                                      SHA1:284BFF441C7AAEC90BE4E0C4B71F4FC47EFE4E40
                                                                                                                                                                      SHA-256:583072049B1F0CC9C322FF644B1908DBBE61A52E917DE6C1022649AC8551E7A8
                                                                                                                                                                      SHA-512:14623D6D313F126E22BA89D994CC82C6311C4BD7D81D66D242A83250758A1E06BCCB0B8584F4C72513A42FE9C788913482BC4134C3709378FFE5FF6DFC0AFB14
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ..w.......w.78..5ig..v....w.78..5ig..v....w..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............i?......%..".n.....N...^................<<~i.>N.N._..........f........................................I.qk..B.....LZ............i?......%..".n.........i?......%..".n............w.......w.......w...........................................wj......wT.]....w.......w..B....wH......w..B....w..>.)..w..J...................;........4...4...4.."................w...w...w..z...y.. x.. ...........$........4......7...7........................;........4...4...4...........w.......w....#..w............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.150959036755219
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:sbVGBsR0npneCsrtjoziEG9CCZXXk9nP7TokrdSr9Ih7dX95HsTcpUdsYAHI:sbV2sLjrhPEiHXk9DTVRKk5sw6dsYAH
                                                                                                                                                                      MD5:55D02E2583B9890CA7B2A36D7E9432B4
                                                                                                                                                                      SHA1:72F29C6FA4B8C7CF4F3505B08CA2BA8F1A85C0F9
                                                                                                                                                                      SHA-256:EA2C23181A02904F09971453CB0DA6094ADD05A51807E61325F7317409223DCB
                                                                                                                                                                      SHA-512:EF6ECC346D77C2E855C1D14CB42F6A5D631B7F0CF77389599495C801F3C456D0A2FC23554853AAC0D7E1963E7B8AB0EC12D582EE04318276A84960DD325C77F8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ...............<Y..9........<Y..9......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............k..:.9L.,.....9....N...^.................j...E..IXD.Z.........f........................................I.qk..B.....LZ............k..:.9L.,.....9........k..:.9L.,.....9........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.141565831132106
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:9Ar8Bsp96g4Ez5tIL+EnpDCZP+XQ9A44To9rdSrNIqdXOe0GsC:9AoBsvf4q55E11XQ9A9TcRKHhs
                                                                                                                                                                      MD5:907845816F875B1CD66DBDA2F3232836
                                                                                                                                                                      SHA1:7B0BE3A992D7798D11B974920D326FA752CC6791
                                                                                                                                                                      SHA-256:A7E672627D4DA72F275229978563EA6B686A21881B89F0F635F4B947410EB20F
                                                                                                                                                                      SHA-512:766B9A26E35A54597378FDCD2282A184A5A9AF266EE4D7193A859F5CD97A0847B36C827F64F7959BF9C215B21DD40E08A9C1A564D12D80B5716507988B6C5FB8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ:.......:...V],.'.]%."..:...V],.'.]%."..:....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............V..?...0.{..._.....N...^................+.&P6.L..t.Y.........f........................................I.qk..B.....LZ............V..?...0.{..._.........V..?...0.{..._..........:.......:.......:...........................................:..j....:..T.]..:.......:....B..:..H....:....B..:....>.):....J...................;........4...4...4.."..............:...:...:....z...y.. x.. ...........$........4......7...7........................;........4...4...4.........:.......:......#:..............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.12806027363275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:OisMz59T0dFJ0zNtsOEmCKJXM9joTosordSrAI2dXimYFX+F:Oisqp0dFJ0B5EmHXM90TERKgq0
                                                                                                                                                                      MD5:ADAC1935CB488E8BA740253EE10BC94B
                                                                                                                                                                      SHA1:0D0762E5918DE6C32D96E018E248E151DA4560E4
                                                                                                                                                                      SHA-256:9013C92A9994C03FB2BE3CD65A37982580AE8677C7E69C2C06BD071F43996996
                                                                                                                                                                      SHA-512:A62833E157CBEF594B21C950B0CCAF531636C63B335E8CEF15FD57AAF895299A9F067DACAC24255CC3F88F829C24F14F9DF90A69CDC838D9D6BA3683A2662CFB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ'.g.....'.gf.s..4...)..'.gf.s..4...)..'.g..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............w..y.J....e... ....N...^.................o...K..p.U4..........f........................................I.qk..B.....LZ............w..y.J....e... ........w..y.J....e... .........'.g.....'.g.....'.g.........................................'.gj....'.gT.]..'.g.....'.g..B..'.gH....'.g..B..'.g..>.)'.g..J...................;........4...4...4.."..............'.g.'.g.'.g..z...y.. x.. ...........$........4......7...7........................;........4...4...4.........'.g.....'.g....#'.g............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.131977326692842
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:K0sg1I95o118tnyoElCC5cXI9mNToSrdSrmIXdXtN0QR5oR7ItLjyV:K0sg6K118BHElCPXI96TfRKPNKR0tfy
                                                                                                                                                                      MD5:6FB8E4954A5C6ABF668BE3FA528717AA
                                                                                                                                                                      SHA1:5446E82257E04B02BF845A16CEE80D3DB917A17E
                                                                                                                                                                      SHA-256:C3D51BC986757E19E35D74DBA056F594E6BDF9012D571D6CBB2726DE0E417F1B
                                                                                                                                                                      SHA-512:C8AE2F9DBBD769931F29824CD82651D6CF90BA4AF7F6C121EB179DDA1D6584EE4237230EB7645AA5235CE19D59A709F1E89D1DB827BE02850234D70A1CB36268
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......,...v... ...................................................................................................................................2...>...........v...T............................I.......I.qk..B.....LZ.6~......6~ R...7...-...6~ R...7...-...6~..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............gP3.c.).9...;%.....N...^...............(e....s@...K............f........................................I.qk..B.....LZ............gP3.c.).9...;%.........gP3.c.).9...;%...........6~......6~......6~..........................................6~j.....6~T.]...6~......6~..B...6~H.....6~..B...6~..>.).6~..J...................;........4...4...4.."...............6~..6~..6~..z...y.. x.. ...........$........4......7...7........................;........4...4...4..........6~......6~....#.6~............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.108037185260499
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:KMsur/4QN/SYE6c78Xo9GwToRK66Du/CFaon:zs3EKFD8Xo9Gw8RKhD
                                                                                                                                                                      MD5:9CE690DF30F497F0E9D97CE12DE60701
                                                                                                                                                                      SHA1:F42ABDB8912FB6381E94111DC88F65D6CD9FFC2B
                                                                                                                                                                      SHA-256:F57A40E7C18CC2DC7EA0315CB5FC1381F534009E95D38E2FD36F6DF6C5CA9F46
                                                                                                                                                                      SHA-512:E2BAD5B8F6FD399633B5AF7670F02867A9662212EC4BD69378B86E36BB57B7AF8C55BFE3DAE8265DF4F586E7CDDD7A1B0F511731C6AA3E5DF6207E022EEA5062
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......,...v... ...................................................................................................................................2...>...........v...T.......................................|.......vK..I.......I.qk..B.....LZ....|.......vK......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...................(....X.9....N...^..................w..J.....g.........f........................................I.qk..B.....LZ..................(....X.9..............(....X.9........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.135828622035195
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:QLszvLYPovct7eqyEIWCCYqXyT9BoYnWrTo8rdSrCIRdXfKI561ah:QLsAPovcBeBEPxXyT9+TNRK9s91a
                                                                                                                                                                      MD5:C8111A47EBF783BBDCF92FACA96A0F79
                                                                                                                                                                      SHA1:F9958DD431EDDEEF60568C0C1013DE88CC4D713F
                                                                                                                                                                      SHA-256:C6916DEDABFE99C44E1B6607A6AE21902328DEF2F87DC7FFD17BEDBCC5492D32
                                                                                                                                                                      SHA-512:5E5EBCA8BDEC7F73D8C1C51D1BD4CDD3AD32C087DF1D0D5C812CFEFB3489414D43D0A45DAB450B6FD010862238ABD91678A6D6B49827654D0E75DC013A0FD0E9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v..."...................................................................................................................................2...>...........v...V............................I.......I.qk..B.....LZ...........$....){u.LD.....$....){u.LD.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............g..Z..?....$. ....N...^................k...;.H.O...p.[........f........................................I.qk..B.....LZ.............g..Z..?....$. .........g..Z..?....$. ........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.151172861613123
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:tsY2oEu5HYlr6EVUX49QdZTuRKiZG+Aev+oax:tsY2oEuwr2X49QdZCRKiZG+Aev+9x
                                                                                                                                                                      MD5:94B112B40DCCAA50E04C04C62C18A795
                                                                                                                                                                      SHA1:0719F575337BC787660CF0AF01761144EFEB373F
                                                                                                                                                                      SHA-256:95F70E1AD7B1BDF9B9CFE56D5449881AE68D78B5DBEE38870FD3D853C5872295
                                                                                                                                                                      SHA-512:219064D774DB780E70691485050EFAFBCFBE139F5BDB1DEC2428B76D7F7D31DE130C619F9FF3360F134EA6A77DCFBBCBD73BF00793AACB230AF1AB7DD3D016E3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ..8.......8.=N..../=&.-..8.=N..../=&.-..8..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............v_.....2...bM.....N...^..................w.P.B....K].d........f........................................I.qk..B.....LZ.............v_.....2...bM..........v_.....2...bM............8.......8.......8...........................................8j......8T.]....8.......8..B....8H......8..B....8..>.)..8..J...................;........4...4...4.."................8...8...8..z...y.. x.. ...........$........4......7...7........................;........4...4...4...........8.......8....#..8............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.14595666579512
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:S8XrsLhcOpQVE4EsWMuX496QiTERKnaq/w+Nq/oED:S2sljpQ6l8uX496Qi4RKnaq/w+Nq/fD
                                                                                                                                                                      MD5:4430136B0345F274E4D524D088871C6A
                                                                                                                                                                      SHA1:4452A63E51493660AEFE0F4B40FD73703F0FCBC6
                                                                                                                                                                      SHA-256:39BF999308A7F90441F1195AF66AFD943EA2E13DA0EDF82765DD8B439F1A5EE9
                                                                                                                                                                      SHA-512:CD9518A0CD03A2BF0583FE44B681EBFE5CB3DF2534CFADB71D014E646E34A868CCB984C9E99D74D5EE832591C547B3AF4469B606BE61C651F38C7C3D9837A3CC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ.g.......g.&Q*6.>..r1{|..g.&Q*6.>..r1{|..g...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................Xv...-.n.!7W.....N...^..................~.U'L.jM...Ta........f........................................I.qk..B.....LZ...............Xv...-.n.!7W............Xv...-.n.!7W...........g.......g.......g...........................................g.j.....g.T.]...g.......g...B...g.H.....g...B...g...>.).g...J...................;........4...4...4.."...............g...g...g...z...y.. x.. ...........$........4......7...7........................;........4...4...4..........g.......g.....#.g.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.116840885566033
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:ehzAsPbbM0wTrDnwtkLMMOER35uCAZUXI91lSdazToWxrdSr6IpdXnvxYy2eoxxh:ehzAsEnwyCER3cKXI9b0ATjxRKNW
                                                                                                                                                                      MD5:9EC20CBCD5AB8BF94383B5766698E299
                                                                                                                                                                      SHA1:2C87B91C2F5C99571E99EA79BE7106BF84766480
                                                                                                                                                                      SHA-256:3D4690A182E4886BE355F12C2450174D9D340196D5E235F50601214CCFA332A5
                                                                                                                                                                      SHA-512:E0A0BC6DA519F58C99175006258F129CB5C7F9BB043AA006CF50B87AB3767CDF76BDF2B153318BBA89E6481C71A60656A0FDB09A0D10F026719B491972B31218
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ..Y.......Y..|..:A....R..Y..|..:A....R..Y..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............B*fJLp.......o)....N...^...................@b(E.z..cO..........f........................................I.qk..B.....LZ.............B*fJLp.......o).........B*fJLp.......o)...........Y.......Y.......Y...........................................Yj......YT.]....Y.......Y..B....YH......Y..B....Y..>.)..Y..J...................;........4...4...4.."................Y...Y...Y..z...y.. x.. ...........$........4......7...7........................;........4...4...4...........Y.......Y....#..Y............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.12629760203938
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:J19spdmoVnTRENA1s2LXs9zhTHRKsF/c:J19spdmopTuyLXs9zhDRKs1
                                                                                                                                                                      MD5:B7B0BD06C606B54959058EF1CEB65AB7
                                                                                                                                                                      SHA1:F6484998408D991547B49728DE34384309D2904A
                                                                                                                                                                      SHA-256:0DC527A46790F6A1E41F24CFC1B2C91E8C954EDF794631EB9D78E3004A775556
                                                                                                                                                                      SHA-512:8D91A36866F514B5F7B6FD550664416182A841ACEEC9C6F54C740AAE749C27E887DBCF2D99BB4B9D274F1192E375514766CA3FEEE6E578AD085A57E625CFE5C6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......*...v.......................................................................................................................................2...>...........v...R............................I.......I.qk..B.....LZ..r.......r.i........Wb...r.i........Wb...r..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............M..a..!.~.g.......N...^................3xp.rC.\.@.Z..........f........................................I.qk..B.....LZ..............M..a..!.~.g.............M..a..!.~.g..............r.......r.......r...........................................rj......rT.]....r.......r..B....rH......r..B....r..>.)..r..J...................;........4...4...4.."................r...r...r..z...y.. x.. ...........$........4......7...7........................;........4...4...4...........r.......r....#..r............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.134574216946712
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:KgZ3s+vxaw81BEyrgpXWp9mTDT5RK4zWNY+Rl:Ts+vxaw8IykpXWp9cDtRK4zWNY+R
                                                                                                                                                                      MD5:33A5451BF36A0D4D1DFFAFBEA437F475
                                                                                                                                                                      SHA1:5FE8C74EE9947AD9008BA72BFBEAD61863A344EE
                                                                                                                                                                      SHA-256:8DC7D3BC724B74C48B91E5BC3E62F394FD1E1BC58F5DDD16D7326B4DEF465671
                                                                                                                                                                      SHA-512:ACE2CCEC5622F5053D43332C3DD17DCDC2C6221575AC39D48E6BF60784FABEF93BB792107DBAA89568CF3952304CD77BE187B23642B3CF72A027DA2F0138B5E4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......,...v... ...................................................................................................................................2...>...........v...T............................I.......I.qk..B.....LZ...........@.\X.6.$.+......@.\X.6.$.+........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................(...}'.......N...^...............m.G....N...B...........f........................................I.qk..B.....LZ................(...}'...............(...}'...........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4......7...7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.14513211183682
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:HsKI4j0SYiZ0yw4tf4nEJlCDYXHDy9HgtF5VToajrdSrh7IK0dXbsmk0S7DSe7QN:Hslg0P46EXZXjy9g3VT1RKn02B/c1
                                                                                                                                                                      MD5:4B7E82DD22A0E86D2FB0088B179ECBA3
                                                                                                                                                                      SHA1:6CDDAEEB02FFCA242BC2AC22AFE077A14A787094
                                                                                                                                                                      SHA-256:7768772FA6DD021895208ED66F402F82FC49C258F5D5C2CA8B141CC081E8ABD1
                                                                                                                                                                      SHA-512:71B641D2D475632A6C16E67F1B4D39A6DD7503D38936EBEA96F7074418FC8B5F41BA2FECE0F25FF59FB44E1CA2CE1BBFE1F43E7ED7C996C9851EDC09E9C07AE7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......(...v.......................................................................................................................................2...>...........v...P............................I.......I.qk..B.....LZ4.......4...+.'_I...@.4...+.'_I...@.4....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............r>.....E.cG./.....N...^................f...2.I....<h.........f........................................I.qk..B.....LZ.............r>.....E.cG./..........r>.....E.cG./..........4.......4.......4...........................................4..j....4..T.]..4.......4...B..4..H....4....B..4....>.)4....J...................;........4...4...4.."..............4...4...4....z...y.. x.. ...........$........4......7...7........................;........4...4...4.........4.......4......#4..............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                      Entropy (8bit):3.630530841928535
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:iwQl6a+RLCKEqaedEG4IPEaEjKDc4Ip3b3H4I6J:mka+Rgq96O8reDUp3b3X
                                                                                                                                                                      MD5:B1A23CDB0663EB6C23885427D47BEF28
                                                                                                                                                                      SHA1:17EDA6E235A6741D890D990D98F7A230401402E8
                                                                                                                                                                      SHA-256:99998999F14F42A08987DE09F2078D1B13EEFC45AF46FA9880A4E664C791EDC9
                                                                                                                                                                      SHA-512:AA73BBB14A6E2E8C29E8AFA8972CBD24D6E3EB8C29097CFE2F6DA79A2D0A3C650395EB4460C552876659C56D893ABA1AD7853B644BB791C666BDB757BF9A37CC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.........................................................................................................?..................................................................8......................................$?.fD...j.+#..l+......l+5...E......I.."@..I..-P.m@..."@......G.......^,A....'.......".r'4 |.'.........................................................................:.......:..R...0.Sr9.Gs.U.....s.U?MrlO.b.q..2.......^...........<.......,........l+...:...?.'[.................T.r...l+T......?T)...s.UT.2..'[.T)V.......J.......".......m.......l+.....'....c..,0...e...B4.$...........GP..A..}.....J....................'.......'.......".r'4 |.............G.......^,...:..R...0.Sr9.G..:.>.......SX.E..4>...BD..MD..:vE.+..IBD......>...........H........G.......^,ABD..MD..:vE.+..I'[...dkE.$#...............0...........e....4.............."...P.r.o.j.e.c.t. .O.v.e.r.v.i.e.w.......B.^....F...r.QH.....(...........(..."...P.r.o.j.e.c.t. .O.v.e.r.v.i.e.w...j...P.a.g.e.L.o.c.I.D...L.o.c.V.e.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                      Entropy (8bit):4.58251970596317
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:++BGRAK0zYr4TL0yir+njRtLXLB+uT5G7aNyyvkAOm0X2bCNcXOdWdhrg7huu:++BGmK0zu4TL0yY+njR5XL005G+NyyM9
                                                                                                                                                                      MD5:C8CA007223FBBB0EA668400816BB75DC
                                                                                                                                                                      SHA1:91518B5BEB7FACB5128F070CB3111B0C5F0FDD5A
                                                                                                                                                                      SHA-256:B5D5BABA40BEB85B21ED77F1EE05F3C0EC28C7C8C78AF29ED71C067C245FDB85
                                                                                                                                                                      SHA-512:A27E54EB97275E530A060252BBB888C4FD8F075F1CF555FBDBB5BAFE935E391AED4C9EF0C709720BA706C9D11640EDA7A1E6E547C23E21E3FFAC98455AC9EE84
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....>...........v........@..( ..`J..........>...t...8...v........H..( ..PI..................................................................................>...........v........I..( ...I...............I.......I.qk..B.....LZ.[.......[.......f.7q.....q..+[...gDs....q..[.......f.7q...[...I.qk..B.....LZ.I............I.......I...................................................I.t.....I................................................................4..'...'.............Y..:!".$.Y..5.....N...^...............#Iy6G.rL...................J...............................4....I.qk..B.....LZ............Y..:!".$.Y..5...................................[.......[.......[............................................q(.6....q(.z....q ......q$......q ......q(.5....q ......q$.........[.3.[.8.[...z...y.. x.. ...........$........!..7!..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.3..............Z4...........................................4../4......p...............C.a.l.i.b.r.i.....
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):22203
                                                                                                                                                                      Entropy (8bit):6.977175130747846
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                                                                                                                                      MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                                                                                                                                      SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                                                                                                                                      SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                                                                                                                                      SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                      Entropy (8bit):3.963962053886136
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:rsG2seToWcXFCkeR/xh3QpoZ9cbUyN7rZlcarAE:QGIoW+F8R/ApojcbPRrZlcarAE
                                                                                                                                                                      MD5:DC80FF33C2CD0DAF7F3DB7DC701F3798
                                                                                                                                                                      SHA1:82AA3E04BE3D49FC6F15381A0C97ADA6527785B1
                                                                                                                                                                      SHA-256:05A419113171FBB68F6EE04D8221A371E83AB70B2033AEB34A70A06FDB985ACB
                                                                                                                                                                      SHA-512:74683CED12AC3361440B3EF3F31134D7F98AACFD37B8AB731120FC1E0E46C57D1DB7BDB42278C6E53A5C53A0224999C0946BA908C29B0E66A8FBE4815DFA7785
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v.......................................................................................................................................2...>.......Z...v...&............................I.......I.qk..B.....LZ..+.).....+..l..7.U....{..+..l..7.U....{..+..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............K~O*...\...P......N...^.................hoeT'L...r@...................................................I.qk..B.....LZ..............K~O*...\...P............K~O*...\...P.............+.......+.......+...........................................+j.h....+T).....+.......+..L....+H.]....+.......+..H....+..}.......Z4...........................................4../4......p...............C.a.l.i.b.r.i....................+...+...+..z...y.. x.. ...........$........4...!..7!..7.................+:..+F..+G..+..z...y.. x.. ...........$..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):52945
                                                                                                                                                                      Entropy (8bit):7.6490972666456765
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                                                      MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                                                      SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                                                      SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                                                      SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                      Entropy (8bit):3.5186902096052135
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:N0s8MgvP1dmxFX7Npg/XSxEQuvRtO0RLmruFDLG1GdIwr98NX2sF+D:NJ8j6FX7NuvCEvvRtFnQ1GdIa8NX3C
                                                                                                                                                                      MD5:BF40B0D4A9D85A340EFF2D34A714F4F1
                                                                                                                                                                      SHA1:43C46AC8302F0776A32121631A5C7519AA3551E9
                                                                                                                                                                      SHA-256:97D779157BF4EE94462B130DB2289246DE2EF46D655F50D22DFC76CCDB9B6B0B
                                                                                                                                                                      SHA-512:C5CB44B459396D5BB40EE04769E1A552EE6B9769C1BA22C008112CF7B99C8F8342B79D132E2880911833038DA379262C01693C8B4EAE68A362178EAE90B5518D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v.......................................................................................................................................2...>.......@...v................................I.......I.qk..B.....LZ.'U.9....'U/X4Y.-.D....'U/X4Y.-.D....'U..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............'.. D........'3%....N...^................yM+..^I.....q.............................................r....I.qk..B.....LZ............'.. D........'3%........'.. D........'3%..........'U......'U......'U..........................................'Uj.....'UT.H...'U......'U..\...'UH.....'U..3...'U..O...'U..........Z4...........................................4../4......p...............C.a.l.i.b.r.i...................'U..'U..'U..z...y.. x.. ...........$........4...!..7!..7................'U:.'UF.'U..z...y.. x.. ...........$......
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):25622
                                                                                                                                                                      Entropy (8bit):7.058784902089801
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                                                                                                                                      MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                                                                                                                                      SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                                                                                                                                      SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                                                                                                                                      SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                      Entropy (8bit):3.0947660094871723
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:a+tXFcVfFYeOKE/+BnSQHWvsRSvuCVf9iWt5HjdFr2Fk8:aqcVfFYcE/+BnXHWvsR0uCVf9iW7Hj
                                                                                                                                                                      MD5:D7DEF25EA334E0BB7B9FDFA153DE0D64
                                                                                                                                                                      SHA1:B3CCFB049937EE28748795029C81B84BADC720C7
                                                                                                                                                                      SHA-256:8021B33F1B97E2AB3E5596C9BB5B48610B15A00C9E4F9F66D03ADB1556121F60
                                                                                                                                                                      SHA-512:439D7D726096384D623B4E0BA9BC634CEAB78129A412C2D49F9840434DB4CC2A92CBDC1AD15E22742A7FDCA2275CBB6F1C1B2EA56A677F6A859B3B5BB35D48DC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v.......0 .../.......a.zx.!....8.............a.zx.!....8.........I.qk..B.....LZ................................2...>.......B...v........-..............v........-..8....................I.......I.qk..B.....LZ....T......w.F.........r...w.F.........r.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............a.zx.!....8........N...^..................ZD..M...wp.._.........................a.zx.!....8...............ZD..M...wp.._.............a.zx.!....8....................................................................................................j.e.....T.......................a..................... .H.......z.......R...................!..7......}.....W.i.n.g.d.i.n.g.s. .3.......................Z4...........................................4../4......p...............C.a.l.i.b.r.i.......................z... ..$..............
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):15740
                                                                                                                                                                      Entropy (8bit):6.0674556182683945
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                                                                                                                                      MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                                                                                                                                      SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                                                                                                                                      SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                                                                                                                                      SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                      Entropy (8bit):3.7749200032851826
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:9s34Fa0rqotintqSLX0vmuyRtESwyQeq1h+Ou4XYlZXL9i008ktGqEG:CoY0rq6It3j0euyRtQyvq+MXYl15i00/
                                                                                                                                                                      MD5:9CCBC64FED2AD5382E5F5B4F768E660D
                                                                                                                                                                      SHA1:4DCF550D7A6B543B6ECA7E4F180207FE832768FE
                                                                                                                                                                      SHA-256:6003A2F4AA8045109DCDC11D3A4EFAAD690C0A2BE54DD5D13405D60BE8EB1692
                                                                                                                                                                      SHA-512:586CB89DF28B90E729109F5D85780A4DC5DC66274DF24DF1F0C23C807AA1656025C32A7DD966178BBCA6D70B30A3AE6CCCAC2FC7C66BFBF30462A15709BDDC42
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...x.......v........ ..`!..2...>...........v.......@................................................................................................................................................I.......I.qk..B.....LZ.f..9....f.j3>...f.m#....f.j3>...f.m#....f...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............l..........k{P....N...^................&....H.z.G. x..................................................I.qk..B.....LZ.............l..........k{P..................................f.......f.......f...........................................f.j.....f.T.Q...f.......f...n...f.H.....f...9...f...V...f...........Z4...........................................4../4......p...............C.a.l.i.b.r.i...................f...f...f...z...y.. x.. ...........$........4...!..7!..7..............'.f.%.f...f...z...,4. ...........$>........4
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55804
                                                                                                                                                                      Entropy (8bit):7.433623355028275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                                                                                                                                      MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                                                                                                                                      SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                                                                                                                                      SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                                                                                                                                      SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                      Entropy (8bit):4.65314743622543
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:MsERvj8ZSfAFVYaoogqoaAYi+eOHeFPMqX3hZaBcNRtbsFydwCaLBM9yB/U4Cy/g:RQgZSfALY2gqoaSj+exMkBRtQFOwCaLq
                                                                                                                                                                      MD5:73625F2E8E2EDB33703BA233F50FE43E
                                                                                                                                                                      SHA1:FF36DA8DE6650BE75692DF8B7FE142AB2E7754CD
                                                                                                                                                                      SHA-256:AB6268113D7EC00E541263EC8A114C67666E34046E512D8402435117AF36D873
                                                                                                                                                                      SHA-512:F02F42F3A7AC592AD1A9187F6993D957731645ECCD088ABD55A14A25C9C5D0F509A21337CA562B29CF14C37ED42E060D70C02B93AB74E05B67A5CDA13E37320A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....>.......>...v.......0 ..h+......>...........v...Z...@...X*...........................................................................................................................................I.......I.qk..B.....LZ..................._|.............._|........I.qk..B.....LZ.I..s......H.~E.... s.............I.......I...................................................I.t.....I................................................................4..'...'...............v....E..s....n....N...^.................'.XK.J..d8u....................................................I.qk..B.....LZ..............v....E..s....n.............................................................................................s....|..s..(....s..(.z.....j.N.....T)................b..... .......'...8.....z...,4. ...."......$>........4.."..7......A.g.e.n.d.a.:.........................Z4...........................................4../4......p...............C.a.l.i.b.r.i...............................z...y.. x.. ..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):41893
                                                                                                                                                                      Entropy (8bit):7.52654558351485
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                                                      MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                                                      SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                                                      SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                                                      SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                      Entropy (8bit):4.583117307455433
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:XsapwRQ/ClPXhF9gQ/msfdU1bLyXxvGBOHQqYX8Ly/kKRtnx/9nClskI9On:cap1iPXhHp/myU1KBvGB+QVP3Rtp9nCp
                                                                                                                                                                      MD5:A9DE94412FF9C01F5B833163C7DDF304
                                                                                                                                                                      SHA1:93CF81BE83430AA5EAD2FEC4260599C86FDDCC0E
                                                                                                                                                                      SHA-256:069DD304DB90D773336B2AA2087E17B13B63F730A8F16FF4A0D149B6478E2587
                                                                                                                                                                      SHA-512:07368DD31A517E70A28B197FC1EB80D6CAE077C43193B12EAAB854B21BBAB24AC7AE961BD2350289F0B8D2FBE8928A6DB7E384DE0D8B13E9193D78CE6523BACD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......,...v....... .. +..2...>.......|...v...H...@....*...........................................................................................................................................I.......I.qk..B.....LZv.L.G...v.L.....)...|S.v.L.....)...|S.v.L..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............A\.XM..*^;F&(/T....N...^...............t.uP...M.:{.S...........V...x....................................I.qk..B.....LZ............A\.XM..*^;F&(/T.................................v.L.....v.L.....v.L.........................................v.Lj.A..v.LT....v.L.....v.L..r..v.L.....v.L .7..v.L.....v.L .........Z4...........................................4../4......p...............C.a.l.i.b.r.i..................v.L.v.L.v.L..z...y.. x.. ...........$........4...!..7!..7...............v.L;v.L.v.L..z...y.. x.. ...........$......
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):14177
                                                                                                                                                                      Entropy (8bit):5.705782002886174
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                                                      MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                                                      SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                                                      SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                                                      SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):49152
                                                                                                                                                                      Entropy (8bit):4.643580412483197
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:r+fVeg3B5XNDuV3z1km/VfjTvPbL1VB0uWOPBi832KNkbR1zEQ4v8cJFXMR3J66T:EXNTihx9hX+nrS2GDf3KjH
                                                                                                                                                                      MD5:1DD427741F72FC5A72C6CF0DCFD07897
                                                                                                                                                                      SHA1:70F7FA1D9A86E81E3403C09A3EF153E5749AA6E2
                                                                                                                                                                      SHA-256:2D84A1F440DF2C1CF6DFAB100FA8F85CE1B15BF5543B0EA1841C64A5C2A00C98
                                                                                                                                                                      SHA-512:189F26AC1CA6DB3447346160DB748FA3F175BB07B52BEC165FA3D6A2C45E8094FBA4C4809EA2F382171C814AF2AC180E06E1023108365B585DA8BD123DDBA78A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....j...&&.......%..>&..(... ...@.. `..............j....%.......%..Z&..X... ...@.. `.....................................................................j....%.......%.......... ...@.. `..8........C.......C......g L....WA......WA..9..H... .Y....#z.V....n.u.Q..#.......Y.0>............yO..............y..........C(......C(..................................................!..T.....[.T.-..L..T....D..T$......T#7.....T#B.... T.^..w.!T.............0...........e....4........................u.^s.Q.@.).~b.......(...@kO.....(..."...P.l.a.i.n. .a.n.d. .S.i.m.p.l.e...j...P.a.g.e.L.o.c.I.D...L.o.c.V.e.r...P.a.g.e.V.e.r.C.o.m.m.e.n.t...P.a.g.e.O.v.e.r.i.d.e...P.a.g.e.N.a.m.e...2...0.0.0.5.2...1.....0...U.n.t.i.t.l.e.d. .p.a.g.e...........!.......!....C...|_'.QN*.....QN*t?FpN...(..f.2...T............................C...[..D...WA..n...UN..l............w.!.....F...c..,0...e...B4.$........{p.....G...^...?@kO...................`.......Z....(`...`..V?p....0.p(S.`...gm..D...!z.[a_L.gm......>...>...
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.370111144737631
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:0scUoJIbgE8SXxt9RriRAojF2TLiOF9uo:0scUoJ098SXxt9xiRAojF23iOFIo
                                                                                                                                                                      MD5:487A6A54D13D3EFB40B485B8AA4358CA
                                                                                                                                                                      SHA1:5B8964D3C86E9C1E145B07F48FC720D90567E388
                                                                                                                                                                      SHA-256:7A30DD69272B03615781D5482612DE8058C9444E567E9F33827AA8E692D79FC1
                                                                                                                                                                      SHA-512:2390F60844A444DB8F65FF7D475E867964F7878A307E3489FEB4A835A524BF788C99E01BD84BFAE6796F4824C1CEBF4651620C5017021DE535072855321D3384
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ_JN....._JNpQ.Q....P..._JNpQ.Q....P..._JN..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............U...S.....m.Jd....N...^...............o..Y.H.O....... ........f........................................I.qk..B.....LZ............U...S.....m.Jd........U...S.....m.Jd........._JN....._JN....._JN........................................._JNj...._JNT.].._JN....._JN..B.._JNH...._JN..B.._JN..>.)_JN..J...................;........4...4...4..".............._JN._JN._JN..z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4........._JN....._JN....#_JN............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12654
                                                                                                                                                                      Entropy (8bit):7.745439197485533
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:JheN2cq6MLu6MLGu54cHeNzhcmhcDu53eNE3UPkhrxvu:Ji2Wix7fzVsbE3Zm
                                                                                                                                                                      MD5:4BCCCDBB4273ECEBE216C84930A8D0B2
                                                                                                                                                                      SHA1:FFBF617787E27BC94D9BAF89F2FE34A2BD42794B
                                                                                                                                                                      SHA-256:474F9A8C25D5E21192315397EA995B1E11E2C1608157C6E0277688091BFD136A
                                                                                                                                                                      SHA-512:DAD73A8C0E293B88685C0C71EF15E0DC95EE39B7FC9F849DE5D634173FD9FA0AF0AA96742D9E94BE03556AA4A817D5001C95A6736EAD5D5DF03661876785EB74
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....C....................................................................C.......................................................................i..............................................E.....................U....V...f..ASTc.......de.1Qq...!Rb....Ca."r.................................B....................b....Ra.....!Qc.....AS.1U.."C...2Bq...$#3%&.............?......3.....~......:..g..s"......:..g..s"..ic..Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. ..0...Q_..X..V5E~..c..X...@u...cTW...0...Q_..;.m.....@w...Q.+....*.4W...lUFh....v..._..wn...dW....y._..v..E~...*...@wn...dW....y._...v..U..@wn...d..{`;.|U.2g...*.3...:.0?ViN.z.@w...4.M.:m..`~..i7...q...I....J.`l...W..n..PQTiB...6....+..sj.*."...6....+..WA...x..A........(.N6`..AD.q.....'S...t.Q:.l.......f.]..N..0.. .u8..A........_W..Y...}.C...~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~.v..?U..^.r..}..Bep
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.363896538766061
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:3d2s0JSXE+p6xEataMEp8KpWXguW9pthcXTBrdhSrHAV6UjNtX83619NR36OCG:3d2sP16xplEpfpWXJW9pXc9RAYbNt
                                                                                                                                                                      MD5:93A738EB0D23B34F0707D9131A8B615B
                                                                                                                                                                      SHA1:0A40192AD04A99375085C7494B3C7FBF04A9A622
                                                                                                                                                                      SHA-256:244D034A6C706ACA859935286E98F29E85F36D0C7D2E5D1172282F83C4CAA811
                                                                                                                                                                      SHA-512:79C958F0A5DAB19EF8554A18E42D2F60AF72BFE9E8A103221DBC4C538DEBA57ACDE8AEDE1D17A69EBE8F5020AC8F8BAC05A09C35362D9B0B7A75184327EA7BAE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ/U....../U..e........{./U..e........{./U...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............j.0M`...2...A.......N...^...............:..b\u"O..".............f........................................I.qk..B.....LZ............j.0M`...2...A...........j.0M`...2...A............/U....../U....../U........................................../U.j..../U.T.]../U....../U...B../U.H..../U...B../U...>.)/U...J...................;........4...4...4.."............../U../U../U...z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4........./U....../U.....#/U.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2695
                                                                                                                                                                      Entropy (8bit):7.434963358385164
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:N9YMsguOZgKAz2vcaQU4R8r4BU0/Rc4nbIQdsohw13ZmFLY6KsVvMdBL2mr:/hsEgNz2v5T/rQC67SoWniHK4EdBH
                                                                                                                                                                      MD5:B23DE98D5B4AFC269ED7EBFDDECE9716
                                                                                                                                                                      SHA1:10AF507A8079293A9AE0E3B96CF63A949B4588AA
                                                                                                                                                                      SHA-256:646586CB71742A2369A529876B41AF6A472C35CC508D1AE5D8395D55784814F2
                                                                                                                                                                      SHA-512:BBACBE205EC0A4F4E3AB7E2B1DEE36FCF087DDF77C7D18B53AEA4B15984A47C64E19F9B8D8FA568620619CEA0361D94FE7ABEA6E502EC6ECAEFE957F42ED7EE8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......M....".......................................,.......................1....!ABQRq.2a."CbS.......................................................Qa1A............?....{............i........l..-D.q.~..|cS.S...R\..d.8,!.....]f$....Q..di.;~5......vj......MqCe..=.*.f^..=.}.Cm]qCd..s=..u.e..v..t'.,.....S.s..N...>.d4'.,..k...N...d..9....G...y....6J.Y.l.{Vf...^B..i.3.z....:5W#4@.S\fj.%..Mb.5.v.5......S.E..#.v.I.....I......m..H....D..|.Y|...W.Wf..o..U.0.E..@.T.....................................'.S../...Z......!J..1K..rI...T.f.>.+.N..o.....\..^u........e..q.qK.GXP..-...F8".;5J...]Y......j.a.,R.......J.N........z}<qu..J.)`.}X:..}.............B...[. ......,B.).b.......(Y.O....c\.o.e&.W.#Bo..N|..N8.#J.>1D.1..b.&....q.#..UT%,.d.....m&..^...VXA..b.nbTV~.....^........q..#./.I..=Q..=..Y.*.Ib...VZ+......Y.........'.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.318497930089572
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:ZHysA9qX0FucREBtOoE/Eg6XaZ9hxxclrdhSrHftXAY9hNH9:xys9euGC5E/p6XY9h3IRA/Z
                                                                                                                                                                      MD5:C74A136A7901EFD3765D844780D6A275
                                                                                                                                                                      SHA1:03E4BF6EC2435B09B49BC0DB874C92E153308BB2
                                                                                                                                                                      SHA-256:2AF2721AAA6DE49E73EE68BC8A56104497D5E03051447EB5F0753A99E9D69BCB
                                                                                                                                                                      SHA-512:1ADE14B4F64846BC3E062F0F9FFC8DC38D98249602ED272D5F8D49E796F5CFB1780A595D8D5B7A347B49A2BC1A5EA3491D030589BD68D2BA337B5D591D60B921
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.`.......`..t.......w.x.`..t.......w.x.`...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............0..A,4..5..J"......N...^.................L.F..D.LTaW..(........f........................................I.qk..B.....LZ............0..A,4..5..J"..........0..A,4..5..J"............`.......`.......`...........................................`.j.....`.T.]...`.......`...B...`.H.....`...B...`...>.).`...J...................;........4...4...4.."...............`...`...`...z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4..........`.......`.....#.`.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):11040
                                                                                                                                                                      Entropy (8bit):7.929583162638891
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:u99+91V42ho91V42ho91V42ho91V4235z9pUkDCyixxo4PS6b8tEy3BcWWhhSy0b:ubKD4/D4/D4/D4uzX38u4PNYJ2zhhmb
                                                                                                                                                                      MD5:02775A1E41CF53AC771D820003903913
                                                                                                                                                                      SHA1:2951A94A05ECF65E86D44C3C663B9B44BAD2BC9D
                                                                                                                                                                      SHA-256:83245F217DEAE4A4143B565E13C045DBB32A9063E8C6B2E43BB15CD76C5F9219
                                                                                                                                                                      SHA-512:5A1FCC24BDD5EE16BC2C9BACF45BCECF35ED895EAC22D2C4EE99C1B7E79C8E8B9E5186E3D026BA08FF70E08113F0A88FBF5E61C57AF4F3EA9BA80CE9F33410E9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....C....................................................................C.......................................................................v.E.............................................S..........................Aa..!12Qqw.....3568rv........".....4Btu.....#Rs.(W..bg.................................D.....................1..2.!4Aqrs....Qa......t..."3BRb....#.$S.Cc..............?...K/h._+.N6.-.a...5...;.r....,...0B.s(..zp..4.%r|q..E.Q^.../...C.R..?u.q8XN.>.e..:..gJ...._.n>.70G,..(........3b.&.5m...Q../...7Ie..k....e.l6..&..`Gt.P.Y^r...=..Y.e...N.B...O.#..J+........u.V;G.'.....V.]8..C.]..........E.....c..w&lX..f..\T.J?...F.,..m|..93........,.....+.R..WG...%.....(@.....p].iEz<.8.^...J.h.....a8P.1......(z..y~.........H.Z^.>..<.....L.k..IG...R.(.%..m....&u...B|.....@]ey.W.J...!d..R.8...[..>8....(.G......!.)X.....,'..F2.Z.t..Aw./..Z..#..i.kK.......b.i...qR.(....RE.............O.XP.#..(...9J..]...,.2.[w....KrW'...tY.......{~.:.+..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.486667250871125
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Cs9t3AIp24e0y4vtUEP3F7FLX2L9Stc1rdHr4ox2tX5pFIh/exUSn:Csj04ev4vWEP3FtXC9StIRL4ZBu9exU
                                                                                                                                                                      MD5:F8A6461F76D1A51BB5E82362877C0D24
                                                                                                                                                                      SHA1:959003DCF40D5EC51F87A2BE4E2C1BAB8C6312B0
                                                                                                                                                                      SHA-256:0664260C297963B3C812DF7A3C42AB3A15CB36D4C1935A7C3CB540891B766FBF
                                                                                                                                                                      SHA-512:A0A106AD95AC27A46ECB079A94A833FDD10AD083436B2DBABC1F55A29EA17405C1DA9D276CA22D296BA872715DB5E8C82B35FCD41DFD02E102A2FC6C55F337B8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......p...v...d.....................................................?....?........................................................................2...>...L.......v................................I.......I.qk..B.....LZ.4.......4.Cd+......a.d..4.Cd+......a.d..4...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................~q..<._3........N...^.................[M...K..eX.y.U........Z................................... ....I.qk..B.....LZ...............~q..<._3...............~q..<._3..............4.......4.......4...........................................4.j.....4.T%c...4.......4..G...4...H...4...>...4.......4. .3...................;........4...4...4.."...............4...4...4...z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4..........4.......4.....#.4.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2268
                                                                                                                                                                      Entropy (8bit):7.384274251000273
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:N9YMn9H5gXlM26vroVXWxyNnl1LmLR+rn4FOeewGhDbby:/h9SlMdgm09ll8R2/rby
                                                                                                                                                                      MD5:09A7AE94AA8E517298A9618A13D6E0E2
                                                                                                                                                                      SHA1:FA5181A7414BA32F816BF0C4278EC20C615E8B1A
                                                                                                                                                                      SHA-256:3C68C7EE798E62A4A99C740153F3980D7DF029605C843410942C7F85E794823B
                                                                                                                                                                      SHA-512:074E9A2BE2039D0AFEAD360157550B934FABD0CB86B5AF476C1FBC885EE60331F5A68EAF70BF76E23C8248A20FB900346839F4AA8892370B5889E64948DCC6E2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222........i..".......................................3......................!.A..1Q."q.2BRa.b...#$................................... .......................!12AqQ.............?..D.z.4....;.....7...3.t<!..d.O.....+O+.;.z6.4cz7E.........U.Z)-..@..y...........}(W...<.xv/...5.ew......yN....n.Tk.Tm.Ty.vA=...T..U....h...e.8.5%....'......e^......L.g.$.~e..O.._...... .F`.....xnL.<.......]jfv...}..\G..c.......-%...#.C.|.].`..^..W..c..B..5D.QSTaZ.5A=....BU..z%.4.h.6..=..U...W.$..l...7.:...........IPQT_...~..i..x....~.l.|.n.J..TV.21.Tg.....................j.z!+.-............"j.j...)*..TT...."....T.Tc.**j..............j.z!*.h...&.&.&..e.%..TksTW%G.?".l+$..c._9..[x...TU..........i~X..#'.qm?ttO.....}*.i...q.....9..r..?..W..d.w...f;..q...tZh..0.....2.......OD%Q-.......$......56.K.O...y._..*_C.k..p9.p..O..vu...'........0v
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):784
                                                                                                                                                                      Entropy (8bit):6.962539208465222
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:869YM8fij0W/xfuCp7ovv1bidiMn3bGi6AETQcdH8SADjoZgV6v9jUEvS3/g:N9YMWeI424diMn3yinsQeHvADu9QEvJ
                                                                                                                                                                      MD5:14105A831FE32590E52C2E2E41879624
                                                                                                                                                                      SHA1:078FA63FC7DB5830E9059DF02D56882240429D90
                                                                                                                                                                      SHA-256:D0A3A1C3CD63C4023FE5716CBE2C211307D0E277E444D9EF76C7FC097A845FD4
                                                                                                                                                                      SHA-512:8FC0ED24E8EC14C46EA523D9265DE28F85C5FC57AA54AD5B9CA162E95F79221E2AD3DD67D1293CF756B67F3D3DECAE122254134EA8D4D00DDED02114B5383947
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......a.L..".......................................-........................!A."1.Qbq....2Ba.........................................................1............?.....3.Ty\......vs....>.>..a.W..s89.d...Z}......rz...`...Z.r.do....u.W.%....gf.>.L..xz....B8=w...g.~g."HD...$..IKJ......nn..*ly..I....L...\q...Q;6.KrxZ.,...j$..ZQ..)f...q`.*..C1..cZ2]-..\.~..J.....^..(.f..9m?..C.NI.UL..X.fy.Z.........+n....r."Z...d..R./\.#...kd.D.5.!...h.3*s-+.......Xjt..}i..rK..y.../>u..]N.....Y..J......1.x./.....F6.......I...._3...k.sM.+..v;.%|.f.~.......:y....S....UKovh...W'........lF... .................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                      Entropy (8bit):2.7237107534248417
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:1sfhFuJoavjPLXD9RSsvRCzEARo2ovoIo1o2ovo3o:qiaarbRwuRCwARXahIX+W
                                                                                                                                                                      MD5:2871E296D8EEB9DB9E2A19DC6349BB00
                                                                                                                                                                      SHA1:7031C112306C2784127070169D08F69343561E4D
                                                                                                                                                                      SHA-256:3278E676110EE01CAE71DD0A6611B9884CA719A495BEE0CB83DEED7B6930232D
                                                                                                                                                                      SHA-512:FF4CAFBE00BF84E7AE4B8AEC9AC1B1CE2CB5004AEC83EF9EEB739B308FF7B00E82D08D233F3B20642BC68F1FEA5DA86959DCC177E1A1700637CEE77856EE63C2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v.......................................................................................................................................2...>...........v................................I.......I.qk..B.....LZ..,.......,EZ.$.<.!b.u....,EZ.$.<.!b.u....,..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............o...f...kT(8b.....N...^...............f`.=;..M..iWM.J!............................................^....I.qk..B.....LZ.............o...f...kT(8b..........o...f...kT(8b............,.......,.......,...........................................,j......,T.l....,.......,..Q....,..Q....,..>....,......., .3...................;........4...4...4.."................,...,...,..z...y.. x.. ...........$........4...(..7(..7........................;........4...4...4...........,.......,....#..,............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3009
                                                                                                                                                                      Entropy (8bit):7.493528353751471
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:aRCTf+0hagMrbAZMJShPdvF/5OzlQFlDF7npkDdWvVBTEnBLT6NrgCX0:D+0YgMrApL553JtEdEVcL2NcX
                                                                                                                                                                      MD5:D9BD80D40B458EDB2A318F639561579A
                                                                                                                                                                      SHA1:83BA01519F3C7C1525C2EA4C2D9B40F28B2F2E5E
                                                                                                                                                                      SHA-256:509A6945FACFB3DDC7BE6EE8B82797AD0C72DB5755486EE878125A959CC09B59
                                                                                                                                                                      SHA-512:C368499667028180A922DD015980C29865AEF4A890C83E87AE29F6A27DC323DD729E6FB1C34A2168A148E6A7A972F65A5FC8ACE6981AF1D4E7057D99681CB366
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666........_.........................................:.......................r.!12BQ...3Aaq.."CRb.....#4$c.S.....................................................1A............?..p..-.....u0$.......l......)..o.FTd..DG....... .t*e..jO..Z.U......r..j.O.,..VD./.....V5D.&......A..Zi....E.N....*..........#..M<|.2.Y.../QO.x.cTM4......+.F;V.x.de*....]e..O.x.c\Y........r..j.O.,..T...hw..k.^.[B..J.sEl.w.x.m.5%zzt0..T.......b..<\.3Q..W</..!.xh6..Z..\.+M.o.Y..1............#.........|.a.l.KR>..U......e....@...\.1Z...Y...[....F.6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....Uh....FkYm.m`P...W .V.g..FjVj.\..1Q6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2266
                                                                                                                                                                      Entropy (8bit):5.563021222358941
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:TuRCTP9rSTfIEe1HbcVY1YbDXq8eCI0bf2QQe0GVDQAzZw:aRCTN7HbcW1YbDXq+I07Ien0AVw
                                                                                                                                                                      MD5:DB8A181E3F0EAD4A9472099E42ED6BE3
                                                                                                                                                                      SHA1:92096AF05CC6167B1AA816811A1160B809393FA2
                                                                                                                                                                      SHA-256:E9746B4E9AE9CE7B3B0068779DB3E113E2DFC9880F25373D745D0E700E69A906
                                                                                                                                                                      SHA-512:A9E246E10E28D057090BA9F034ECE6131780D7F794C5C9421523388997C7EDFBB49BC32B863B6C6668911B359C304AA54969B48CB9234950D5CECD2A6F3EFFF8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666......r...........................................5.......................!1AQ..2a...."Rq..#3BSr..C..................................................................?...X.....U...j...F.W.V]'KV.uWt.iT...{.......`.(.....V%..=.....z......V..ct+.U.B...@.............................................{.....5.........0...x4....c..;...........+......|.7E.%.9.1+}..d.........+.V#.P.HUL.E...g.li...8.>U.";0pi.]5.\..zo..."@.........................................y.6.mLN..S.....@...i..A..p.......~|V9.+.Xy.........+,L.....7Z7..p...-X...\.....:-...i....v.1...-..H....9.zk....l....^.......:.."^.t.Q.F...X..B..$............................................a.%f&3..1.5+.X..'b7bwr.).e.x....!...H...aa_..kD...b..g..p..K^.k..qX.[,.........Q...U..x...YMvj...w..:k.....j.W.8..4....c.u.}m.....o.=@.......j.S.t.|.....5h.y.%.~...G
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.347001807926231
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YuWsgm1v91stj6Cg/5EgpXIOR+9qb66oMSrdQqrqFtl7BX51kEd:YRsgE91sBNg5EoXp+9qb66ERQyw7P
                                                                                                                                                                      MD5:02AEF36D174FAB5D113E989E8EE0D739
                                                                                                                                                                      SHA1:D7EC09517514BE8CC29B13A98CEC9003F3B738F1
                                                                                                                                                                      SHA-256:8F782110055CC0311AE0748CD219200B03F1F5FBB9F3DF7E44CD403C4FF10B9E
                                                                                                                                                                      SHA-512:9C80E2E340FEFBF1E73D4FA6426641B6D7D0E1D53C089B5373BDC9D5F0E82908C5F34FE5060C8FE536EC61A8D22EA1A363493221B32E6BA2C1DB9FC48EE9D419
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ|.......|...U...+%.Y..fM|...U...+%.Y..fM|....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............n.5..d...72.C..S....N...^...................W-.@..`............f........................................I.qk..B.....LZ............n.5..d...72.C..S........n.5..d...72.C..S.........|.......|.......|...........................................|..j....|..T.]..|.......|...B..|..H....|....B..|....>.)|....J...................;........4...4...4.."..............|...|...|....z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........|.......|......#|..............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):99293
                                                                                                                                                                      Entropy (8bit):7.9690121496708555
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:Moq1jVORV5NO5xLCBaaNk4vhpCr1CH/DATOQlWvHMHojiaAMrxArLFRZPj19AWFz:eVEbouBaIk4T8uDGOQlVHvaAMkhDh95V
                                                                                                                                                                      MD5:EA45266A770EEA27A24A5BB3BE688B14
                                                                                                                                                                      SHA1:9F0B23B3C8EBA4FC3C521E875EF876FBE018F3C8
                                                                                                                                                                      SHA-256:EDAD0F03E6FF99FEF9EF8E8B834CE74F26CD23C5F8C067F5CEE66F304181E64D
                                                                                                                                                                      SHA-512:D4EE36BDA897BBD643A699A0332DD00DE9CDCC6F46D861789BAD259A4BF87868AE3B4CFAAB6DFAF29941C7055B77A95D76BAA86A4A0DB2BF3BAF7E3317F03EB9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...-...c............sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..[Oh\E...y3kv........`.%m.R..6.1.4).o..Ki...D.......P!.].=..K...C[....f.}o7VPJIg...{3.|....d.....i..=.4.u0...n y......@j..Q..f)..mQ...4-SJ..9.d.?..5\-....:b.W..i...c.5..{..pj#.....B1C/.I.......].Su.k?.2..:.9Q...5.U...UZ...e..U.c],..2.}...1..)W./..Epr.Zt.....K.=..{......e..."...v..B.4.#....A.V1.".V}t..[..2f..Y..V9.".6.......(..gbm.P.....Y%2.c.z.:Q.2.<tYF.....u.@..KJ.;u.q:.].....$.....V....Hqk..DW.l.e.j.Z.YP?:'R..*.<........6...m@..r..j2..HK"|..L.Nc..D..y.9..B4$.......`.3.m1LE....7(OU\+./.O...%6T..w......h....).I.&n...*......#..W.41...5.#.`..I...<.?.|..*+Q.....#i........$,..n...`.s....[..E. T.w..j.,&-.r..;a....#.>(.P......f...MU\3*..;B....)..5....z..(....-...a.....}y.l..E...z>......&..g.$.....*T...N....E:./.>..#...^..E.0..%......(..@..W.X.NDM.<~.]A.>..fW.O.y.'...Z...h..).F..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.356253799986585
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YuB0smmHMgDm8utw3hEVpyYPpXYVp9FkpotrdQqr+VBXZFDEZKB:YlsmBgDduwEPzxXYb9ipsRQySp0K
                                                                                                                                                                      MD5:D8E89406AC323362E5C3746FD03B9179
                                                                                                                                                                      SHA1:618676C4D0DDFB4E331334A9D4B2A54F5C02C9E8
                                                                                                                                                                      SHA-256:4062EFDF1614A953256481B179B864F0B9EC6FBB14E98F10CE67CAC61B0B4959
                                                                                                                                                                      SHA-512:C81EF49078D4218CDF03DD6D3C8E6189CBFAC6A35D1215CB8FBA3E9F7E36120907B96C893C987821121C95AFFE340E371C1BB8D89F12C63FDFECD3E4D89F3526
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ.6.......6..'...2.V......6..'...2.V......6...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............*....t.&......Y....N...^...............V)A..e@..#............f........................................I.qk..B.....LZ............*....t.&......Y........*....t.&......Y..........6.......6.......6...........................................6.j.....6.T.]...6.......6...B...6.H.....6...B...6...>.).6...J...................;........4...4...4.."...............6...6...6...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........6.......6.....#.6.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2898
                                                                                                                                                                      Entropy (8bit):7.551512280854713
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:N9YMTXc4gpw+EIWnqQ5G+NE9VTzRFvS4+Xh+AKrNx+JuCluc3Eeky8etajhDCFex:/hDc4rPIoNEzbS4+XhOrGJu1cUHeoVey
                                                                                                                                                                      MD5:7C7D9922101488124D2E4666709198AC
                                                                                                                                                                      SHA1:00CC44A1B84D4D94A0ACE8834491EB5F65D04619
                                                                                                                                                                      SHA-256:20016E5FA1A32DCE5AF4E92872597E36432185A7BB2E61C91F362BD68484529B
                                                                                                                                                                      SHA-512:882944B2CF040485899128E03B7499C540D481E45FE8017DBF4FE0330157B2D8ABB7334DDB31C112BA0EFE3722A554883917C54155A7F60044D2D7F3D848260F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......k....".......................................2...........................c.....TUb...Sa...QRqr..............................!.....................Q...R..!..............?...$.)m.1...%%bV.J..H....-.%a[...I"WJ..:.X.:TT.$.......N.-NR.E..-NR.E...9..E....$.k.....B.I,I)..J...kr..+)..I,Yj..YbI..+,J..e..Z..V.e.$V..TV.X..V.YQZ.EQ..U%PY[.[.R.EP............................| F.. ...j*...!m.!j.I%.j.$...YeEYYEEUE..eY[.hEEUeEil.....%..el...V..TUYA.U.UTTUT.Z..UQQUQE...V.,...UlE.U[.lEP.P.@......................................R1...AR1m.....#..$:.T.p..IJ.t.....A..AH.,5..]F!a.XJFaa. ..a.!*.aa. X.e.......bB.b..,HX[,!..,,.c0.,..U..X..(,,...B(.,..4..B.`..".a..-......"...........................>D..IKEb...t.....)u.....)K.%+L\.J]i)*b.JR.IIL\i)u....T............T.....qs.it.iJ...])ZJb.....X....U.A...V1..B.R1....X...,.c...,%X...,%#0...,H
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.357360334907284
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:m9soZkmPFitb2TJESh7qXh92OJoVrdQqrRWnxpqFBXSXUrFzMg:m9s5mtic9ESh+Xh9hURQyRSqFZM
                                                                                                                                                                      MD5:56CE930BCF07F04414EA5368C74E724A
                                                                                                                                                                      SHA1:6F10B6769B9518FD182F5E8D1EA7C8EBEAB932A2
                                                                                                                                                                      SHA-256:26B013F114F95D58669AEF07535DDEE00F71F9D1E3A4E087FB85BD225284DAE4
                                                                                                                                                                      SHA-512:DBE91573EFF046B8A1B2FC9EA67C436D190292992592D639D661CCE108CE0AEEBC58606A5F6D29E878BBCCCC4740AF935178A8AE56DBD124548CB3BDEAB633E7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ..................l._.x..........l._.x.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............Rj...)+...'y.._.....N...^...............&...=fXK....H.........f........................................I.qk..B.....LZ............Rj...)+...'y.._.........Rj...)+...'y.._.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):29187
                                                                                                                                                                      Entropy (8bit):7.971308326749753
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:RwjBOlCk+nYnGagKJWJhwMJiRO22ZIm4VXvXx1tA6BQs:i8snY3JW7uROlEfbtVL
                                                                                                                                                                      MD5:DF99CAAAB9A7DE97B63343E60A699AB6
                                                                                                                                                                      SHA1:B84334135CFB73BC6EF55F85926770D5AC6DFEA8
                                                                                                                                                                      SHA-256:74C131777E7C437FD654427417097BC01B0813BA8E1E50E4B937BD50A1BEBCDB
                                                                                                                                                                      SHA-512:5D15AAAA8B71DDFE01A7C0ADE16D9E1F5E9AAE484BCD711B38CCB103ED9564CAAC23A0031471167B660E15972D70179C2A387509B213C05D60261042A0456025
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....C....................................................................C.........................................................................e..............................................`.............................!1Qq...2ARa..."#.....3BSbr...$4C...Tcs......%&DUd...E....56Fe....................................H........................!1Qa..Aq..."b....2R...BSr..#...3..Cc....$%4...............?...b.d.8T1.;#.S.DO...~.R.......3.xe...z.6..."m..k...;*.'.f.5^.....m..<$....8.R.j.D.v..>...*dT..vGbt...I......sEWp.r3.. ..G...6.....w...l.S..q...b.....-R....^Zu5+u6...A..Z].:...5..Uzn.,l.L.....?%.*.S.+zVg7.=.s.Q.....8..:,c.......ZE...>'IF..W.0.d.......c.e.d.V.t..S$.DNR.[....g..#i.$. .U.SK2.....k...J5u u\R.....T.[4..A.O..,.T..................] .i...B.m.^f....._...{S.....<......:..|D...+...NA....Y.^f.1|..%K~1..B..^...S..v=.c..g.tX[..kTJ..t.gr....R..@.F....5j..2.K.9..g.1N.....*.U...^w......>+.l.v...@N....%Qd...t.Ni.....0;lggm...K".+!.,.....[J...>..?f.]._;
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.364550872435837
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:EsFiRyqczf+tisqXEYYOt7I1Xcn9AQyNozBrdQqrA1czTCBXTk91qjIdXBPd:Eshzf+EVEYY60XQ9eWBRQyvuo
                                                                                                                                                                      MD5:9B135481069F6674F0A43AF0E6BCFD34
                                                                                                                                                                      SHA1:BB140869D7094F5FB2B8EDDF2E589A0B6BC9E582
                                                                                                                                                                      SHA-256:0B751A865CBB8C708CDE65009569188169BFEE0EA650D4298293A5A33745A35F
                                                                                                                                                                      SHA-512:C64D4A822BF704BC95687A9E3F6FD40B91D437AF65AB9E431666B24EAC8A1DF3EB5986B9199BFD7E5862E8FAF0CBDDC6D1B4E46DA10AA67915D7FED988F6CAE1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZI.......I..P.;..5.2=...I..P.;..5.2=...I....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................V.....ugP.......N...^................]U.w.N.[..Y.v........f........................................I.qk..B.....LZ................V.....ugP...............V.....ugP............I.......I.......I...........................................I..j....I..T.]..I.......I...B..I..H....I....B..I....>.)I....J...................;........4...4...4.."..............I...I...I....z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........I.......I......#I..............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4819
                                                                                                                                                                      Entropy (8bit):7.874649683222419
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:/hnQiz+ET2/hDi+tv34VtpWfowTHgegb6hhLT1NTS:5nQ6TAhLtvIzMvbi6hhF0
                                                                                                                                                                      MD5:5D6C1F361BC04403555BE945E28E53FC
                                                                                                                                                                      SHA1:00C254F7B3BC0289590C2BBDBB39C8EC2E2B2821
                                                                                                                                                                      SHA-256:131D637CDC5D0B094FB9FAD17F4D2A1ACE0D03613588155AACAA2D1CB4E16DA9
                                                                                                                                                                      SHA-512:34D2C0929FCC3CC10D0A2121BD55BFA9A07062C2A7B8F101071164C946895DBCB2777641E79DE4193D57A3F0778DD4F1351FAF333B7E4B4DBE31A32DD69C51F9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................<........................!1..AQaq"...2B...#Rb..r..$3CS.cs..................................................!1A............?.............u....p.p($.Y...9,j...V.*..S86yh.G.#m.5..9...6Y.."C.R:.[..-.7U3c:..].;.....f.?%..<T...&F.Lh.N...m]..x.D.g<B.....k..S........>j.K....#U..Z....<e.:..8....o..xq.[..4v..U..y...k... k....A#..A...pn.jJ.I.7:..{.b..ns.t,...8.Td.I....m.I.5Z.).-.. ]..X.Do%.....?..4jV.`llt.E...5...u.|..\F.=.F.r<...5dV....xc.%..&...4,...f...3..H.<......eQ...P.J....7...lLc..?..-.fR..7.#.6.......}:.]'.ny..........e;u.Y..$0...i..-....f..9(....}..T,.Inb...+=Cca7....WULA1@.s...4uY5.N.f.c..].ks.....3v..~..k..m)...f gNE`S......#.....Z..6.uc.m...#k.s.f*.l.$6..?..xC.Cm.`...N2..&H...._.&.E...[....f.Z./...!.a{K..#.V.5..v.B....1...9..B.&....%s.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.3625200785982345
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:msvh+KAad11AmtMM9EnV5HZXjLufo9+To9rdQqra3IIf7BXtEGkfKpaV9:msQJaf1AmDEVtZX19scRQywIGyf
                                                                                                                                                                      MD5:36025D79D31D15758DF5631125C0F2F1
                                                                                                                                                                      SHA1:D2B0C6D2A1E9DC2B465E981950C79FFADF056B65
                                                                                                                                                                      SHA-256:723A517DF6B53BA98D578149528F7469B2E54E509906263B1282034D68C8A981
                                                                                                                                                                      SHA-512:1E65FDDAB838B63C15579E41EAC981849661A8A2FBDAC6624D0983F9D4494A546B3414A5E127254545F20D0AFD9D739F6B51A3449964CE69D74CDF4B44CECF6C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......V...v...J...................................................................................................................................2...>...2.......v...~............................I.......I.qk..B.....LZ...........UZb..7....:?...UZb..7....:?.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............w..M..n.-...L[......N...^.................i...B.~J%.R;n........f........................................I.qk..B.....LZ............w..M..n.-...L[..........w..M..n.-...L[..........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1717
                                                                                                                                                                      Entropy (8bit):7.154087739587035
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:N9YMzO6BOfqH/dAIWpdAIWpdAIWpdAIWUtr/SD:/hzJgfqHaPYPYPYPUt/i
                                                                                                                                                                      MD5:943371B39CA847674998535110462220
                                                                                                                                                                      SHA1:5CA79B7BD7E0E93271463FAEF3280F1644CBA073
                                                                                                                                                                      SHA-256:9C552717E8D5079BBB226948641FF13532DF3D7BE434C6CE545F1692FA57D45A
                                                                                                                                                                      SHA-512:812541836C8B6F356A4D530E5CCF1CFDCC4CA54AF048CAC19FE86707CE5EA0F41D73C501821AC627AD330291EF58C040DFC017923A7886CEEC308048DA2CE7C9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......-...."........................................&.....................U.....1T..S.R.Q.................................................R....Q.a............?..d.. ...............................................+A...Z+E...V+E...U..R.....}........Q..Ah....Ah..b.AX..b.PZ+A...V+E...V..J*....Q...b.Q..Ah....Ah..b.Ah..b.PZ*.(.@z.?.`;2.......................................................Q...b.Q..EZ*.(..Z>.G.....`Z+E......J*....F+D...F+E.......b.Q...h....PZ+E...V+E......J*....F+D...F+E..............[u#...a-...f<.9^[...l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m..0.....l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.375166412120548
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:HesBJjH2muEKd5bXN9rGLBRQyEf5jiABmYPc:+s72iK3XN9r+BRJEf
                                                                                                                                                                      MD5:ADBD49591B668BA5DADAE505361AD4BF
                                                                                                                                                                      SHA1:2AC3AE0FACB3712D3BE8D5FFA9BBA0851813E789
                                                                                                                                                                      SHA-256:A02EF60FE1FB92168747386429465E41AC42826A86B21902354C5FE3AA8C70D1
                                                                                                                                                                      SHA-512:456AA56515B63B21DD748B619B85CE692D28C181048F2A78A56091D325E976745F4B08759AE508364C5D750147B65CA9ADD92B9115BC57A70C7531F5A879AC3D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ.........LuC..>...:..^..LuC..>...:..^....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................}\)...K.)..'....N...^...............jL&../.A...{..=........f........................................I.qk..B.....LZ...............}\)...K.)..'...........}\)...K.)..'....................................................................j......T.].............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4......................#..............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3555
                                                                                                                                                                      Entropy (8bit):7.686253071499049
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:/h3JeYCQV5Hn++9HBdAjU78S/mjLLwqnqahJD:53Je8b+EBdAjm8S/mjLLRnphJD
                                                                                                                                                                      MD5:8A5444524F467A45A5A10245F89C855A
                                                                                                                                                                      SHA1:ACE68D567B02B68275E0345C86DB1139C0EC1386
                                                                                                                                                                      SHA-256:7D2B01F17354D9237A6AB99D5B9AFDF0E1CC43687125848B0C2DEDFB44CE3843
                                                                                                                                                                      SHA-512:8151B447B60D110C32EC1EF286B941FFC09B99140F41BBACF5A1650A385FF4D13C0DDB2878E9A470FC7CFCC95A1AB6E44F6DE72562B0FFE093DC8A3C3C7FCC14
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................2........................!1AQ.a."2q.B..#R...3C................................ .......................!1.AQBq............?........)&vD.)3Hn*..X+....r...tmL.k..(.E...R. .Z..&...,fJ...!...6..S\t3.=...g&..Bqe.)_U.....1......-..fl.................J...u.i.mU..K..v.w.0O..E.h..D~K.(..9.,8..E.}.............i.\.....t."v..q..C............<..|3.........................*Q..../c.....f.}8....D..|k..Z......0..~..c..e..m(...|.c..'.5.5............==bx.5x.8...T;....=.--.pc...I;.V.m..,(....}...NH.ho....Q..U.E$.~...w.t>.S\....'f.{.+.g._.t....;>.....P...........-..G.h..2...J.% !.E97Ir.D..N....j...oE._...._...".?.......#".S.........Q.Tc.I..*I..k.......=$.........sk1Jp.\K.....F.3.Q..q..J....N..[l.&....OR4bB|..2ul....J...B.$&H..9#j.f.n./........?R~....B.I.@..........m
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.3559388572325215
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:AsayZrUYsJ2tLFgaSElnXkH9C3odrdQqrbwmXtBXNWVX9S5DiIVMlS8:AsvZwJ2lSEVXg9EMRQyEKGVw5+IVMlS
                                                                                                                                                                      MD5:C1142FDB44A259BAB8FB596C87E9ED00
                                                                                                                                                                      SHA1:823AE6CA2376A780A6A0140ED0A7E13F49D6E0AE
                                                                                                                                                                      SHA-256:725242EB22FF65B72C8A393250B919F8F56DC0182D8E00426B7152CE18A712C8
                                                                                                                                                                      SHA-512:9234E32955107DB22299FC6DA0EB4ACE4B8A8BDCC3908EBF77DA8E428C57975ADF2F8ED08DA8BB8A22A62F1AB9231796A651E64B587424F50E82E5F248BCE8F1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ...........7[g1..@..r0.....7[g1..@..r0.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............yU{'.L..*.....I....N...^..................T.CA..)..4d.........f........................................I.qk..B.....LZ............yU{'.L..*.....I........yU{'.L..*.....I........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3428
                                                                                                                                                                      Entropy (8bit):7.766473352510893
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:/hdu7isPwAp7zesusUyYAatNG87llTONQYS:5di5tfuQ9atNZlaC
                                                                                                                                                                      MD5:EE9E2DF458733B61333E8A82F7A2613D
                                                                                                                                                                      SHA1:A86704C969F51B86D6A05ED51C6C60214ED9FA89
                                                                                                                                                                      SHA-256:BE4F0E6C89FCE91B9EBD2623567F7DFC259E0E3C77C9158742B8F64B724DF673
                                                                                                                                                                      SHA-512:BFB5D6DD6B66EE21E946E90D1E482384CD10244308562DDA814189602681DADDE5752B80519E5B8515F115A71BD6BB4317A59BE65B8B5E3474AED119F8303569
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......r.F.."........................................H............................!Qaq.."12.....#3ARbr...$B...cd...&CSu.....................................+.......................12..aAQ.!#q.."................?...#...3.Za......rV.5&...../"..i.t...j..W........d.FL.V.2K....]t.f.d.NK..:.....f...... ......2.[...#..D...ZK....p.z.E.N..T..L.-....1....2.\.6FIr2..zS\U#..........fB\t..5J..~q...D....A.......!....MY..../.HY..../e.M.Y.n.~..,....'..Pc...l...d2..m.f.it$..qx-z*...._..].cOO....n..&.....FIA.....2J2..d:<qc..6.I.G.N....f.K..Dx.-.......`....2.FZ."K7.r}..<.P.Z.da.Y.....8..s....G.....b.e..g .S.......FL.Z,&..q.MG.J+..x\..m...qN=.....)..`...&Y...S....u6{.z.g.....@......FL.ZL&.Iv.w..8....U..v...*.q.B.v_./A..#.#.g.j........*J;...u...W.Ao...%....#$.....M..^\{W.SO...s,.N.....c).,.B.Gv...."k..z."..S]H.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.321641495380252
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Rz2sOqDn/g46cmtAKfq2EXNrx7a4XDfw9GKohrdQqrlUyxB/6BX+u7F9Unr+27+h:Qsn96cmaMEXNrxG4XE9VoRQyz6j
                                                                                                                                                                      MD5:5D9C99FC9363D5494F212ADC5CE7F14A
                                                                                                                                                                      SHA1:8EEDDA7E66C90FCEB0DC94C0816A57F54697753F
                                                                                                                                                                      SHA-256:8F8B49882EA5838843E5D1E35A171A20E4766417892074B10588DF0863B8F927
                                                                                                                                                                      SHA-512:CCC1EE528EEFE3057F23E39B45376D49B074C94377B4CEEA540B719A28507907CB198196686B177ECFF588713299328BE7F0BF2C51C3D53A539E257E0D70918E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZM.l.....M.l.<GJ.(...V...M.l.<GJ.(...V...M.l..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............p{.D......../......N...^...............k..Y.._A...0............f........................................I.qk..B.....LZ............p{.D......../..........p{.D......../...........M.l.....M.l.....M.l.........................................M.lj....M.lT.]..M.l.....M.l..B..M.lH....M.l..B..M.l..>.)M.l..J...................;........4...4...4.."..............M.l.M.l.M.l..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........M.l.....M.l....#M.l............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65589
                                                                                                                                                                      Entropy (8bit):7.960181939300061
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:2Hlrjw3xL//DPgff+9j6yPWvHMHjkbfnwHO3AW3GL:2H2zDUU+yPVHITwNfL
                                                                                                                                                                      MD5:8B48DA9F89264D14B83FF9969F869577
                                                                                                                                                                      SHA1:E1BD58E2D80FEEF56DC514F3F0B3AB9669F22F95
                                                                                                                                                                      SHA-256:62AD3C277E54F03F1ADB44062407346F789E63859B7AFABFD64BE6AF5E9F66EC
                                                                                                                                                                      SHA-512:03B783EC968DF3F648504D068D64DD1AE110E28110FE5B3401C9D04F44897DBE0CBB5680D42CA4C665FA94A6CED4B559106EB3C06C9BF2C5B14951ECBFFAC8AE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR.......{.....;Za.....sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..Y=.+I....t.y...,^vv....;. "|. .i7.....$.2g..']pH@p..]b....H.H.......d'@ B...U.xm..3{3k?..5n.._}U...3......~..>...g.....f..t...t:...p>..Si..d:..k:.Lf..t6.K.i....d<...x.8\.8.+lc...)i.$.r.....x.t.BG.R.cm.c...p.:&.6.4..K.......^...~b].0....oBYv..u.'.=.K.Q.g)6.....4.!.M......4.=....G.%.Sr........nxC.F..t.U........1...J.t..eQ....".... |...81.$D.!.>...........$...^.vY..EY8tb..'.P.g#O....S*..0'.V....x.W..........k.......s.C.S...J%.iVb..].........3....j.}*.z....+.s..@..K.....\x.C..e.Qq.....;N.....;....,....^.*..$F..{G...8.#....8'..&....8..5.....3(P._....S......|".....u.cr....+a-....&V..x...iI-<|a.{E.c.X.......?..&.C....'........(.x....>...M.?.9..#X......l...0...Z.F..<.z.0}Q..Z1..........?h..`E$K.2o.A*c^.......*..D..uL=.}.#*0.. M!.A.C......|_..(.Y........!E... .O...`;....M+..x.u~g...q>...N."D^..K..x..D.`.!.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.34819860230331
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:msNJQgxrdtfpEmdP0hX/Lh9+37oBrdQqrg+ixBX1bkcR0t:msogxrdPEmdeX/19a74RQyAx/x0
                                                                                                                                                                      MD5:77F9AEC20435628038535C1E68016B80
                                                                                                                                                                      SHA1:A681ACFAA8B5BBFDA31F74427E669782B547E806
                                                                                                                                                                      SHA-256:E1FED9B33321F8C6538295F7F012A3026CC4E40FC055C76E2DAB8030B9D13A07
                                                                                                                                                                      SHA-512:EABB5B4889254619257949D57064F61EF1F711102A2E67E2A7E6BB6B74A7EF2D697FB346DFA7281C8B25146459388BFC461DA82C0B87A23E846D85F5DAA2B46D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......V...v...J...................................................................................................................................2...>...2.......v...~............................c.......c.6....7...R@.?.I.......I.qk..B.....LZ.c.6....7...R@.?.c...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............eB.L.4..-+...Fp.....N...^..................9J~fE.r1............f........................................I.qk..B.....LZ............eB.L.4..-+...Fp.........eB.L.4..-+...Fp...........c.......c.......c...........................................c.j.....c.T.]...c.......c...B...c.H.....c...B...c...>.).c...J...................;........4...4...4.."...............c...c...c...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........c.......c.....#.c.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1873
                                                                                                                                                                      Entropy (8bit):7.534961703340853
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:N9YMw9kGzE4xTdow1C3kyIkyM66KeJY3fOxJ:/h8HzE4xTdoUCUyxyD6LCvSJ
                                                                                                                                                                      MD5:4FC8500BD304AD127AF4B5E269DFF59B
                                                                                                                                                                      SHA1:9A5E3432358A0FCDECE86AEB967319B93A65D14A
                                                                                                                                                                      SHA-256:B4DAA90D5A53FCBC85119050B5B76962443C4DD18D7F42CDC6D4E0AD8EFAD872
                                                                                                                                                                      SHA-512:E5E07054A522EB91EFD39722AFB3776389632B8F5F923C1D29796716D68CEC93BE5E44F79913804CEC7ED631FF520CBBBAAB841E01FB90AF8E8ADF84DCD47481
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......`...."........................................>.......................tu.....45.!#$%1s."fr...2Fq..AQe.Eav............................... .........................!AQR.............?..e4.bbu."m.G......u.S.-Qq.b.a..'#..E.......u.|:.f[O..jS.S.&....=.....[.....S...N.~~...'...q....N.T.Oyf..a.6..%.I.1j.e~.4..[5.WW.Y..Xp.gn...u.......Gb.O.W..k.!mJgfq....~.F.......m..}bn4.5........s,F...z.b)..O..*...5).-.-\....=`.fP....%...A..Q.&..9.....QQbD.%.:u.f...r$.10..W.F.T..MI...9...ZQH._..).....D..n.F].........*.:.j...!6Z..S....0...B.6..Ga..S.O.....U8S_.J.>...i..?..<.P..........M..F.T.C..7.E...`.4BKcMh1j....4y...+.|.^......2[.WG.W..+......E..r/V^".R...."..6..hht..f...........;E..Kx....)}Le.A.x.>..$/).._S.n.L......}..H^Sw...2. .v.io...../.........x.>..$/).._S.n.t^;O.....n...[.S...h.v.io...../....:/...[..7yK.c-
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.472329138004562
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:GsKJ8WbUYLtUEePXO9byEbo1rdQVruOXBXwiGkBhdf:GsFEUYLWEwXO9ZbURQ5xqM
                                                                                                                                                                      MD5:A96954AE250DB71BD94787EE2DF4F243
                                                                                                                                                                      SHA1:6591DE12E3F829E3E421750F1B0BA294712BA802
                                                                                                                                                                      SHA-256:F4A7AEC30A9E6BF72030F2D1D7484D903DF1802ADC773FC530B5DFEBE6F1EB72
                                                                                                                                                                      SHA-512:5C8A8A62881A4FF00901509A733587324775D5A1F581DA6FFC9C4E3D231DCE9EE929A7A27434C22D95AEEEDA17F8791DEDB09A84D8A168040445FDDD539A0ECB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......n...v...b...................................................................................................................................2...>...J.......v................................I.......I.qk..B.....LZ............R.a.(|...5.....R.a.(|...5......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............i=......b.J.B......N...^...............5%.DO.6K...p..5.........Z........................................I.qk..B.....LZ.............i=......b.J.B...........i=......b.J.B..........................................................................j.......T$c...............G.......H.......>............. .3...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5465
                                                                                                                                                                      Entropy (8bit):7.79401348966645
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:X0cZneDWlIKmXwxacOHHI6EhzNlSSDDgafbofgt7mGrw:XleDWlIJwQHihRdgu8imGk
                                                                                                                                                                      MD5:8470F9A96B6C6CAD9EE60961E96D19B2
                                                                                                                                                                      SHA1:AFE1F01FFA4E4CB06B1D770C9C59DA75B434D1AC
                                                                                                                                                                      SHA-256:2DF453410796AEC7B9EFEC00059B6CE64BCF67313A95AE458BA600EA5DE14811
                                                                                                                                                                      SHA-512:CAE5C2ED091BA49761F0348516D53491E578FB165F32F93AC7DAD927383E9A398B06229FAC6A8233777DF708E5001AE0037A1FA960293BDA49892C40B37F2240
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....C....................................................................C.......................................................................E.e.............................................8...............................!"1...2A#Qa.$34bBDSqt..........................................................?.....`0.....O...3Sd..@..5.0....Q.pw....;....!pN.DR....`0......N^...k.=.u.e.7{.b........?z....zV...M.....P:a.SPj.....WRK.=x.2.h..2..AS..s..A..|.Z/f$D.YX1pr......}G6._.~..)j...+.s.r".{..q..-.^@...#w|.H..*.K)....g...y..`0......2.w@.Ro.d....@...K....}...&... y..f.y.0.|DC..>p.[E.2......v..N.)Z..4.RF.D.8]..Z.|f/..+\ID.r/.o........0i..*.G.O..uj..RN. ....j...xnF...Q.Ls.U.c.D0m....z.k.P;f...b.=..L.hH.,./;.U..`sa.I...?*...I....M.0<.u....!..C..U.T.....s.Q......_..7K..*.....?....R\&=.<.u..oQ}WZ..Yu...{Fe3.h...@.s..mW.G..^....1.W.#[.q2.&u.c.G......`J./..X.C....M;.....3k$}.i.3...#/x.m.Oh.}FH]. ..5NNDIS.-.M~...6..w.d....P.;..k...........v*..T..L.P...s.!B.4..w
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3361
                                                                                                                                                                      Entropy (8bit):7.619405839796034
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:zDqnxqMt6gGr/Nln5ANln5ANln5ANln5ANln5ANln5ANln5ANllHN6:CxqMQr/rn5Arn5Arn5Arn5Arn5Arn5AN
                                                                                                                                                                      MD5:A994063FF2ABEB78917C5382B2F5FA8C
                                                                                                                                                                      SHA1:BD5C4D816B04A2B6596DFE38DB01228F553FACCC
                                                                                                                                                                      SHA-256:D72900E8DA72D1A7F3729971AA558E1E9B6E9CF9A0D51E83852E567256DBBFEF
                                                                                                                                                                      SHA-512:CF2279033DD3EDFE6F6F9E5C517BEBD9A52863EEFD90F57F7A5AE0E0485E705254BE7ED6B50E6CA142669687727AE85E2E6035F69930B75F2E6D3EEFA961EF88
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....C....................................................................C.......................................................................U..........................................>...............................8H........59...$%&7F#'Ddf.....................................>.................................58EG........!#124$%&ACFbcde............?...n.p..v..a.~.._.>......#....8.....w.G...&.W...i...%6m..K;...4."...=..?.~......P..O...j.l..AW.jo..,..=d.h.ta..../.."...z|).J.......Ww._..<Wp.3+8...-5...G:..2.D..I>o..K.F;-.....#...`...6..T...M.....OOgV~..5...np...P..TYr...........b..{r.2.9..].DA.%C....=.v.z......CK."..R..l..y}.i..;.{....JzS.....~.?..Z....=c.h~*..p.@(@..G.....O.]...Hsd.xf".V]..S"..w...4e>....3*U.7..|M.x...|\......FD./.cIe.;.bId..+=...w.......[.k>....}.u...j.xZ.....Q4..+.....B....1O~\......I..h....LaXJ%&.w.<C...n/`.W..U.W.U.}~...}>..^.0.J.....@....LN.b.......5W...m].Eu...:....G..:4.=4ixx..@_0=.mab.T.U.....w..~.V.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.347245694991927
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:qsr28HeyRh/hEXxXLx9WGW7YRQyPkYl8JuFnvV:qsr28+khmhXl9WVYRJPLl8JuFnv
                                                                                                                                                                      MD5:BC9EE0ED554154F6F1B84947BAB66F39
                                                                                                                                                                      SHA1:B1F0B3B8C9B917CF303BFFA3CEB9E1BE1304B261
                                                                                                                                                                      SHA-256:7FE51CACB7E24B7F14FB531E23C0A666389AE27469B56C09DE38BEBE79992137
                                                                                                                                                                      SHA-512:EF7C86C0A9573E9FF696849E5B288C92E9885050874DD51E0B6B62371AEA7C6F44F3E7032B37716ED889AEB17A49E9EB7466EBEBC45012D03729B2009CC2F0B6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ^CD.....^CD...Q.+we.1.I4^CD...Q.+we.1.I4^CD..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'............./.w*..g.-j.....:....N...^................4...i.M.xB.:...........f........................................I.qk..B.....LZ............/.w*..g.-j.....:......../.w*..g.-j.....:.........^CD.....^CD.....^CD.........................................^CDj....^CDT.]..^CD.....^CD..B..^CDH....^CD..B..^CD..>.)^CD..J...................;........4...4...4.."..............^CD.^CD.^CD..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........^CD.....^CD....#^CD............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):140755
                                                                                                                                                                      Entropy (8bit):7.9013245181576695
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:i/aDiblRsFcOco8dofE5Zx1+NQI8Wh9aiOe5NTO:mnbM+TxaAi98W3aiOwTO
                                                                                                                                                                      MD5:CC087700C07D674D69AFDFDA0FA9825C
                                                                                                                                                                      SHA1:F11113DF69DACDB255C6CBCFB29C1D1CCE40B346
                                                                                                                                                                      SHA-256:A7FA7F092EFF43030A56342C39A765F8D5CC48C7DB815DDFC8C1E5EC40117FAE
                                                                                                                                                                      SHA-512:843202D975EFA91E73287052A893584B6E5AE601F91612B56539AA2F73D1AD3F997FCAD1E711E0F483A2E91D46D9643D0B026B43F4E94116A5D2FB6551536034
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:15:20.............................\.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.......J...\O.,......../$..........OE.m.o......T....Z..l.g.-....m.?...Y....3......"....].j.X.k.S.k.....4..R....{....?F.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.339511663885265
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:YW62gsDPTNXT+EuVoXLo9eryZRQyKVeH8v:usDTduVoXE9erARJ+
                                                                                                                                                                      MD5:CB79DD127F89B18A3DC34BD978004054
                                                                                                                                                                      SHA1:21FF20A7E0D5C40DAD645072735B8B506C79EACC
                                                                                                                                                                      SHA-256:DF8A7D29036C5DA6180F49BE18D5868A7BA7A4E45BDA9931D0478A81A5EB7D34
                                                                                                                                                                      SHA-512:CAA8E3D0F362785554EECF444315F02C75F13A53F0451F6DA5ACD219177490290C9D03A8D7CDFE3E0CE9084807D9554895B8056804C53C300D6AEA82D671058D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ}.S.....}.S...f.(ud..i..}.S...f.(ud..i..}.S..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............J?..X.....(.......N...^..................A.l!@.uA..r^u........f........................................I.qk..B.....LZ..............J?..X.....(.............J?..X.....(............}.S.....}.S.....}.S.........................................}.Sj....}.ST.]..}.S.....}.S..B..}.SH....}.S..B..}.S..>.)}.S..J...................;........4...4...4.."..............}.S.}.S.}.S..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........}.S.....}.S....#}.S............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129887
                                                                                                                                                                      Entropy (8bit):7.8877849553452695
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:QS1x1rXglsteJ79wHi4vNQR5yBlUdOSILe9hSj9jeWMPjdlOJ:vvglst1HiwWR5yBA2LeS9jd1
                                                                                                                                                                      MD5:737E96E41D79D3BDACE7AB4F8CBF6274
                                                                                                                                                                      SHA1:E6202A41A4F86B27D9EBCAEF7670B16C0ED67CF2
                                                                                                                                                                      SHA-256:7966F3D8A2D61ECB49A35E163781858E052C0B122A18A1238AFE27B57E2850E8
                                                                                                                                                                      SHA-512:D398C8521DB2FB3F8456FE792CF37472F3B851DD7298DB20E2DB79144F8E846D051878E77E5EF5D00E6840EDB90C6E2D97935BC1023A15FC45038CCE731E9895
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....iExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:13:06.............................:.......................................................&.(.................................3.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................u.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...W..I:..*....a....Aa ...w.T.M.v.........3x.......8Y....$.."-..m.I.0~sxB[@..=...:..\.Y?....@O.L;9i..U....?.5">+9.s\Z..vN
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.346782801793628
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YuRKBsBST9uH0Vxts57ZEr7LtXX89+9oXl7rdQqryuG0BXluTXTujT7VTWTXTOpT:YRsD0VxS9ZEr7ZXs9+9alRQye0f
                                                                                                                                                                      MD5:CA14FE8E2EF17408BB3AF9208A9F3BE6
                                                                                                                                                                      SHA1:A7E372F8786F5AC1E99739E0B9C6BD7B9EF0B73C
                                                                                                                                                                      SHA-256:0FC6D7586DD49CFAE7D82BE4E69F4594A7D558429645D2E6C483A7C6B52FBD5D
                                                                                                                                                                      SHA-512:C211C19409D96F9F3543EB5D8A9479E9839F92D8647FCF505FD4927BD17054B474F44BE9BE94CB71EEB4E598AFABC4CEECAF6783BCA2406ABD180F5E2462C787
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ..N.......N.b+.....".j....N.b+.....".j....N..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............&..UV}..M.C.;q....N...^................L4..D...x8..{........f........................................I.qk..B.....LZ.............&..UV}..M.C.;q.........&..UV}..M.C.;q...........N.......N.......N...........................................Nj......NT.]....N.......N..B....NH......N..B....N..>.)..N..J...................;........4...4...4.."................N...N...N..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4...........N.......N....#..N............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):84941
                                                                                                                                                                      Entropy (8bit):7.966881945560921
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:X3sWfhTVd+xu6rA6SOONM0/YFXnviDwoPCaNSm+z/ze/fWNj7GfigeKyCGzw+QKW:nsOhdDJOwY1voPCaom+z/zeHAfGihCG8
                                                                                                                                                                      MD5:CB84C108A76C2AFFCAC2551A3C1EAD56
                                                                                                                                                                      SHA1:8BB7C2A12B056C1ED12EBBAE5BC9F60CCE880FFE
                                                                                                                                                                      SHA-256:139BB0E79F89C3DDEF79B1716A5FBAB4C07DF5785FB3CDF6B4EEDDBF6C078452
                                                                                                                                                                      SHA-512:6EF85144E9A7ACD0FF2E52A5FF42093153EFB69127B1C8549EEBC49B6CC196A46B65EE39A2CAD0206F6A41476D8B5B35D29EAC9942B8F84972B32E14CAFEED27
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d....................................................................................!.1A.Qa..q...........".2..BRbr#.T.3C....S$.cs.D..4%5......................!1A..Qaq."2..BR....3...b#.r.C4.............?.......m.q..'O.....r......_.1....8h....?.....O]~..k......GO...''._...!....o........''..g..H?k.......1...?.....z......>...+0..................GO...''._.........}.O.Z|.L?...........?.........[~t.......}......NO.....v.......J.......?..g..H?k......GO,m..r}o.z.....}......dC.9?..g..H_..........?.....O]~...m...C?.z..f....W.=u.B..m..C.-?.a.....3._.?.......o....np.M....g..H_............9?..g..H...../..kO...''._...!~...o.....0.M....g..H.........../......O]~.~...o.......7..+.... ..l?.}........&....3._./....?.........W.=u.C..m..C.+?..o.W.=u.A.^.O....:......_.........}..t
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.306603475666256
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:YJDsx769u7hEPBBXIVB9KWERQyF5bCx5i:6sx769u6PfXs9KWERJ7bCx5
                                                                                                                                                                      MD5:CC506819831D6D20D51E08139BD6305E
                                                                                                                                                                      SHA1:197EF84DDDFE640D18E9264E625FA9C3D3BC67D9
                                                                                                                                                                      SHA-256:0253F0174323D3977B3A31BA624A7C9916422C2C7FCD07CCA7F7C22B282F03D2
                                                                                                                                                                      SHA-512:4DFA3F4E87C9356C07E1A5A499E48FB0464DCFB1DD75426852EE85AB2311C26DA6A5905B33432341F733EC16AAA7FC373D29C5CFBB46980D44D6F8DF802042EE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZd=......d=.p....4.T<35l.d=.p....4.T<35l.d=...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............d>(4..>...........N...^.................d.+~.E....4..d........f........................................I.qk..B.....LZ.............d>(4..>................d>(4..>................d=......d=......d=..........................................d=.j....d=.T.]..d=......d=...B..d=.H....d=...B..d=...>.)d=...J...................;........4...4...4.."..............d=..d=..d=...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........d=......d=.....#d=.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 40 x 623, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1569
                                                                                                                                                                      Entropy (8bit):7.583832946136897
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:KArPoy/sSfmBL0EGEsRgeTLLXFnViAAEslVorlP0i8OmO57EnGAkYelBKMN:9oQPTgeL5ViAe8rQs7HAkrlc+
                                                                                                                                                                      MD5:07DB3F43DE7C1392C67802E74707DAA6
                                                                                                                                                                      SHA1:C173ADB1999065C5E1E6DBEF934B4D4D7AF0CC23
                                                                                                                                                                      SHA-256:51E05999A1C9F17DF28CB474E57DD8E64BDAB824874A532C20A23766A01F8967
                                                                                                                                                                      SHA-512:E509255519D4E521E82332FF418DD5A6BBBC8476399A0D9C3D81542C1CABA535B2D79E5BC90F73F9EE8468643302137671934ABD600FC696F16161C91FEAC111
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...(...o.....>.c.....PLTE................................................................................................................................................................................................a.o.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.Y.. ..........}%.../].`<..y....V...m.....<....)..;Ki..'9...2.:.c...t..V..d.t;-y.Z.=K>B.."{Lj.~G..|..ENC.!Sw,....";.p..g....E.B..S.-...k..P."..E......l[./D.-.....Q+.G<>.+..b...#..y(...{a.M..J...<....v.W..F.qm.`.....(.mk.nX....l.Px8.0\Z....7G...$*.....&..Z.VJ.~......J.2|...2H..../...=.)q....ZT" .,%..h.p....Z$.!........r...Hh.f. ....P .d..1d....2.3h....;.A.... ....d..g4...A..^.....2.ew..."h...y/..j.h..B.......%.2.%..{r...+dG.=9h....P1...A...c...^h.]Q0.8x....q .!3....ZW"Z.!3...G.vC.GG..".&..X!3.|xB..V.P!.+zS..NX!3.....Nh.y(.Z.1.h..B...Z+....l8Xcu.B...K...@U..@Q...mB...x...&L C....mB.....@kC...Y.,.... ..e\F.B..........y..e\..:$(....Z.a...yn...f..z.~Q.{o...].ln.r....^.@.{..c.7..{...
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.341393123966077
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:wsuQ3gW96tZw8E+YlLWXXD894dCohjrdQqrLpC7BX9C09snaLB:ws/g+6rVEplSXXD894dCgjRQyE7j6aL
                                                                                                                                                                      MD5:86D288AC91F961C37E6C78A9F76FDF07
                                                                                                                                                                      SHA1:F58885EDEF0844FCD9DCD7AD34CA683F8BBE3AEF
                                                                                                                                                                      SHA-256:C33BDBB95CB6D2135ADFB64322797AE02C7230096FE48C6AD8358DC8E2EC14AA
                                                                                                                                                                      SHA-512:95317A55BCD6EA5BCB33EDF5CC9AFF8EA317158FF64B6BFB38B7EF12955B4B50B54CEB0764DC270B59C4D8B0D8239DC392F057A7B08428EDD7D71A396040C963
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ...........?g.D....3..r ...?g.D....3..r .....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............W.Yr.$.7..h%.......N...^...............F..u...I..^...P4........f........................................I.qk..B.....LZ.............W.Yr.$.7..h%............W.Yr.$.7..h%...........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):40035
                                                                                                                                                                      Entropy (8bit):7.360144465307449
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:MQhziQo1RKGlyyzYjlxuxwRUj/BN837xRmwH2uDTCn8qXFQziN:ThzrSzalg6O563l4uTC8q1Ig
                                                                                                                                                                      MD5:B1DDD365D87605F96D72042CB56572F6
                                                                                                                                                                      SHA1:ADF71DAD1A62B8A58A657C2EDBDD665A19EB846B
                                                                                                                                                                      SHA-256:06E09DE80C3F32254DA4FE6B2CBAD7C05EF144DD54B8C65745E195BBF7317A2E
                                                                                                                                                                      SHA-512:9C686092CC9524F34EA6CEC9AAE936A6225BCC54DE38DE1786EBA8F532959A80FF885E8664A09E4C318D7CA4B278E807D3D1F135BE55F30979B844FF5EC9699A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!1....AQ.aq.....".3.5...2B#s.$%..Rr.CS4&6...bE'7.c.DTtU...d.eu...VFfv.Gw.....Wg......................!...1AQaq........"2..4..Rbr#3$...B.s5Cc.S%.D............?..^.f....R*.N{.{f.....O.r.V.;U..~...U.(..>M._.yI.{8,..^.t...s`...j.O..U5t.&&..h.G.6Da.;.....J.......E..QD...C...}..N...tR.....~..].J:.V$.*.r......]...W......4.[.)6..Y_.....4...........m._'HR.a......]U=.....n...0.W..]..K..){.+...w...f...<|..1/.|.....b..-..y....]U#Ctn.7m.._.|..2I;|....tM....q.q.}.N)....'...9&...nR...R..}.........m._.LZ}u.../K....9.~..?.{....V.#..dx.Zk.:=..:.j].....E#....E~w%....J..[S..[......gr...vb.r]..<..ut..i...[P.w....:..Gkn>......#..m...9km`......t).up.....w....VOR.{&.nQI..}...wD.7Ey#n....MO.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.635580065723012
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:JTs9CX+rtE3/vXa+9GrsRQyoIi1dRirzT:VsYX33/vXN9GrsRJo
                                                                                                                                                                      MD5:879D19402B99B574B9297FA6ECD6CC67
                                                                                                                                                                      SHA1:451D170DD953B7CABEC879592F00310696740555
                                                                                                                                                                      SHA-256:50B4B37BEACA8739FC9D0D9F777E0F3CB707C4D525BA3C4642A8ECBE2E3013D4
                                                                                                                                                                      SHA-512:5A8188EF5B84C701222F034177A36FCF2675F7D4DC971FE10BF6EE123959CF6CC1516231D05A16C03D953A646D17A116DBADED7DE38461735852B96AC22EC74D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v...~...................................................................................................................................2...>...f.......v..........................................[.T....$+eZ.I.......I.qk..B.....LZ...[.T....$+eZ.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............y1..yfX.,n..l+./....N...^...............p... .A..@..#aT........f...................................:....I.qk..B.....LZ............y1..yfX.,n..l+./........y1..yfX.,n..l+./........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):242903
                                                                                                                                                                      Entropy (8bit):7.944495275553473
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:YVxOYlZX2kCWfYoFMXC/sBFC9r+4iEGM4rrcPoWmwkU6FJ:+OwZ2kbFMC/L99ifvokU6/
                                                                                                                                                                      MD5:C594A4AA7234EF91E6C2714CFE1410F1
                                                                                                                                                                      SHA1:C0F720D4CE3196852814D0B7347F0CAA0C6FD526
                                                                                                                                                                      SHA-256:10C833E47BE1C8496F949A6B059C2D79212A4DD66BDE62116EA337FA4FE0B654
                                                                                                                                                                      SHA-512:7313F6545A334F9E2DE5430B2DB5C419C4C8A40E075338DAFCD74970BCC6309786946E5DFB57531612BF4C6269495655706D920FD99922FDACFF9796710DA9C0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:10:32.............................R.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...v&.F;-v;}FH..Z...N..)Y.......h;C....G.0W..ww...MI..Z+..\.........c..4.1.~.Yo.Y6.&. q...............l.A#.~s?yYg..7ky...r
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.337332854714349
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:YZsGSFAhWZmbHSbpLEXMRFXIL9KCbIRQyS1QMFEFvQGoJQJlL:qsGSFu6iHcKXMRFXIL9KCERJS1QMFEFn
                                                                                                                                                                      MD5:E62EFAB6BE2B7C971ECB27F5FA7650C6
                                                                                                                                                                      SHA1:66A3FAA5AFF08D909A6CB0C9402CDC551C10FCAC
                                                                                                                                                                      SHA-256:242BCCA8EAA622E8AB697A3E8762BB14184493BE9F976E1433F1558201C5F9F9
                                                                                                                                                                      SHA-512:87EA8832C693E044B3846091D8606337B3D44D2DB5A750F18DC7539ACAE3856EA098BF4D02187673829A1DF176BED7B9EAE6A10314BD3B802527FE3013FA7B0D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x...........................]H......]H.Bt.....z.a..e.I.......I.qk..B.....LZ]H.Bt.....z.a..e]H...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..................s..,..j..T.....N...^...............V.).'f.D./..ht8.........f........................................I.qk..B.....LZ.................s..,..j..T..............s..,..j..T..........]H......]H......]H..........................................]H.j....]H.T.]..]H......]H...B..]H.H....]H...B..]H...>.)]H...J...................;........4...4...4.."..............]H..]H..]H...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4.........]H......]H.....#]H.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):70028
                                                                                                                                                                      Entropy (8bit):7.742089280742944
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:ub4bgbB7g9cKCmSzaNF0jAdAzQKTEFBQqUp/i0yG1pidLHTVX:ub4bIB7Qg2OjbzjgWp/i0yGCZx
                                                                                                                                                                      MD5:EC7811912ACA47F6AEB912469761D70D
                                                                                                                                                                      SHA1:C759BC2D908705D599B03BDB366C951B11F99A4E
                                                                                                                                                                      SHA-256:FBB4573E3BEE1B337077691BEBAE15D6FAC52432405D31396D526D7694A8283D
                                                                                                                                                                      SHA-512:881828150993A8C56E36CDA2051D89C1F6E0322643902C9506392C163E8734A2933A46486F40E5BC8C8D0164E180605E52620EF22FE14540AEA787A38B22E98E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....7Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:12:29.............................V.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................}.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....H.yM..? .Z.. .^.x..p.8.A...K.... .\{..)..y....t..=.^y)..v.@.W>. .h.. ..p.:.\)(.$....$.I).....!....E..Z.....&.5.).
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.2718836329216705
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:isS6cecTz0KQqIGt2kaGE5VLPaIXWtvzI9ORFoFrdQqrsn8KdBXjxdpdmwB:isJYMXG0eE5VmIXczI9ODsRQyqBlXJ
                                                                                                                                                                      MD5:243198ADAC436DEFAF132F9C63C6C3AA
                                                                                                                                                                      SHA1:8D1C990355101461550369F263167BCD510CFDCD
                                                                                                                                                                      SHA-256:B35474102CEB7D065E1859C8EF3F5E5E840021E255B0AF3AE0E242A2D712715F
                                                                                                                                                                      SHA-512:518A81B6C83E6678574D68432BD346A9E4D18582AEDA61E6281146C6CF96983E8DF66C8FC510D8FABA75D73D0ADC7B546B5374F58651391D7BEEDC39DE7BC859
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ...........$Q...)......(...$Q...)......(.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............~..p...7KV.4.=....N...^.................R2.O..-#55f.........f........................................I.qk..B.....LZ..............~..p...7KV.4.=..........~..p...7KV.4.=........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):24268
                                                                                                                                                                      Entropy (8bit):6.946124661664625
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                                                                                                                                      MD5:3CD906D179F59DDFA112510C7E996351
                                                                                                                                                                      SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                                                                                                                                      SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                                                                                                                                      SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.318088557332086
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:2sEmhTGm+tGYvMEr0KXNx9bmOolrdQqrDxPoBXE9pDlrF:2sEkG38EnXNx9bmOMRQytowr
                                                                                                                                                                      MD5:BF82AC6722D2423E81ECBBE663CE8E1B
                                                                                                                                                                      SHA1:DE812C6CB28347795CC028F22D0FD3870C51D123
                                                                                                                                                                      SHA-256:9BF2AED62C429B143B810A51BEBC0C7FFC73CD1E68603566B970FCD4E8DEEFB4
                                                                                                                                                                      SHA-512:457DC493F7B94C9DF7421965CE879511CB67032136943B5169C71A063FF81F2CCEC5C889CC89D201D6296DB26A870733072F73D4E394F36883C330C2E3D32D0F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.D!......D!.f...4.t.@rKQ.D!.f...4.t.@rKQ.D!..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...................x.%Q.J2.#]....N...^.....................j@..{T...f........f........................................I.qk..B.....LZ..................x.%Q.J2.#]..............x.%Q.J2.#]..........D!......D!......D!..........................................D!j.....D!T.]...D!......D!..B...D!H.....D!..B...D!..>.).D!..J...................;........4...4...4.."...............D!..D!..D!..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........D!......D!....#.D!............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):47294
                                                                                                                                                                      Entropy (8bit):7.497888607667405
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:aQ10VrIBdBvDpQrQ7P9/FUOLG2vTSeG9lkCsMKzXeMBk3CBp:aC0JIBL+QsOLG2+ZAC1KqM2I
                                                                                                                                                                      MD5:7A450E086AD14BA7D89BA5DB3D3AE6C7
                                                                                                                                                                      SHA1:E7AEAFCFCE476390E18C19456BDF6529D863D518
                                                                                                                                                                      SHA-256:BDD997068701ED3A00A224EB694B003C01AC69B857FE7B4147D6C34875B1632B
                                                                                                                                                                      SHA-512:9B6D50A6CDB6081DA107A2CDDB1BD2811A5764994C8E3F67D56CA81084BE0D068C27435154E867199F38688EA65E8DE02A56DCAC47D0F5E55F0FBB6598814938
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..A..Qa"..q..2.......B#...R%.r...$&b...3Ss.4dU6F.cE..'GC..t..5eufW......................!.1..AQ.aq..".....2BR......r.#3.d...b..Ccs.t......$4T...SD%5Ue&Vf............?..M.7(..).:.a.q.......>..[:O...afQ.uCO..U.....go.l..p..YqVklQ.{i.w&.]Z.\+JQw._.n.'.h..,.bj..X.].k&.Q.>gU..f...1|....[...jQ.%Zb.......t..........*..V..j.6....Vj..i.....?...IY.P.....$.j........[l.....S.4.J9.U\.......7I..[..=*N5....xW..../...=?n....uG.D..S.>...8..3........n.S....]k.*...4.>.R.o..{..l.H.#.^....<amG.m&.......,....wDY.W.m.X....We.IR.Nu...y..Z.l.._S.mr.m...y.]m.R.MT...6.5.5}.K..#%..k].7.Y.q]...%.r.7.R^jR..z.K.T[t.a..d.)glW.r.v,.`....O..^..o:.Uc.\..D....f..D......yt.Q...Y.....
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.4720561167847
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:4s5gj4mtxmEwLaFLFXC9tUgoFrdQqrHZUBX6IbkJyOx:4s04mCEwCXC9+gERQyqXTO
                                                                                                                                                                      MD5:947E388B2F14B41185F6BC402F4A482A
                                                                                                                                                                      SHA1:BD0F9663CC7B8F4097DDF3B43C0F00DC415042CF
                                                                                                                                                                      SHA-256:7DF942543D508FE2D9F96FC5E6DADE92C14FBAB1C1A05646713D052E23335AFA
                                                                                                                                                                      SHA-512:519838F872CFF85BDEE8591A5BB273025084A3009D95D98B7102505FFC425A153A1748F682D31EA462FBB6B8790E319996312557F94AB4BABA856DDCCB899419
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......n...v...b...................................................................................................................................2...>...J.......v................................I.......I.qk..B.....LZ.@.......@....&.X.U...@....&.X.U...@...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............../.. C.$nb..g.u....N...^...................'.cJ...`*`........f........................................I.qk..B.....LZ............../.. C.$nb..g.u........../.. C.$nb..g.u..........@.......@.......@...........................................@.j.....@.T.]...@.......@..B...@.H.....@...B...@...>.).@...J...................;........4...4...4.."...............@...@...@...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........@.......@.....#.@.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 60 x 336, 4-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):347
                                                                                                                                                                      Entropy (8bit):6.85024426015615
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:6v/lhPtnlx/QulkWNY2V18A6Akp7eee1VDjMHCyLezyKUX5Gp:6v/7RrIubiA6AkpNhiyKe+
                                                                                                                                                                      MD5:78762C169F8B104CB57DFF5A1669D2DF
                                                                                                                                                                      SHA1:9638B71B584CD636834016A635ABF8D9C0887711
                                                                                                                                                                      SHA-256:E64FDCD0B108737D8B8F7B677029F924031D6BBAA50585D9C3DEF7C7E92ECAF2
                                                                                                                                                                      SHA-512:5ED899AAF73B72DEC32E171FFA112382667D5BF3FBA98C92E313E66C0A6975EA97068F4CD32B62283F18DBD5345C11E3610F7EEAC2F2DE71FC44593180B9CEAC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...<...P.............PLTE......................=l......bKGD....H....cmPPJCmp0712....Om......IDATh......@..aI...B..C..l...^.%.`....>.]..|0.....a...hb...0......q.......p"....;...K..x=...p...y.yy~J....|...\.......y..X.......'...>1...Ky..f....&........N`..f0..b...3.......`Z.3..3.....o.......4.&........SV...4.....IEND.B`.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.354130388030968
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:wsZGOCjkPVNNtoDqE6UXma29+8ohrdQqr83ej0BXy6ge9JyZxgVJPb:wsUANrErXF29+8wRQy83u0r
                                                                                                                                                                      MD5:9A717EB7465A82B969516FBD8414151E
                                                                                                                                                                      SHA1:0C3E18000EADCE50F1D0C768EB51706207CC5DA7
                                                                                                                                                                      SHA-256:85C753156F52BA679818067CA6D4330EE1F81E094B434E385A29781B61ED2E68
                                                                                                                                                                      SHA-512:82415B287ECF21EE49303F7BD8030E795560DA2A2E3C2A2537EBA59E792F39578FF8682E5DD3C961355FD5B0696E93E98D08AEF310E283F6F30D2233A4725838
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.............'..._........'..._......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................8.T_......e......N...^.................W..VK......YE........f........................................I.qk..B.....LZ...............8.T_......e.............8.T_......e......................................................................j......T.].............B....H........B......>.)....J...................;........4...4...4.."........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4......................#..............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 40 x 617, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):827
                                                                                                                                                                      Entropy (8bit):7.23139555596658
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:6v/7Hs2NwBW1mtjeSfaTHHy05riYUtr8y8PQvPYzzg979Reip0QPqc:oOsotazy4rStr8y8PQIzWea0Qv
                                                                                                                                                                      MD5:3E675D61F588462FB452342B14BCF9C0
                                                                                                                                                                      SHA1:86B62019BC3C5BE48B654256B5D10293FC8C842A
                                                                                                                                                                      SHA-256:639EADAD468B6B32B9124B1F4395A8DA3027FF7258D102173BA070AE2ED541AE
                                                                                                                                                                      SHA-512:E6EA855B642ED36FA82F8E469A826DC57EB0C36E307045FF8D166F67AF9242C87840833BE31FBE4706DC54100E999D6A3D3A78D0633A3114735818874AD34758
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...(...i..........`PLTE...................................................................................................bKGD....H....cmPPJCmp0712....H.s....qIDATx^...0.Cg.;......@j..2c.=~KP.[H~..@..8...?U.g.n.a=.=.).....3..u^(.....L....5..........8.}..T.f.n.a=.=.).....3..u^(.....L..r....s..8.....W]....,..9..G?.a..`c.z...E.p...)Y.P.....#....@9.7].....,..9..G?.a..`c.z...E.p...)Y.P...`b....0.b.+~{.Pu...1..<..0._.l.@O.y.(...V3%..J....s... .(g.+.qyWu...1..<..0._.l.@O.y.(...V3%...%R.L.Q..x..R.<t.o......7.............:/.E..j.da@i..`b..Z......u.>.?...7.............:/.E..j.da@.Dj..9.W....s. .....:.......L...">w..7... .....:..."...L..."..a....D..Ya.l....E.{.@&.|.._...7..D..Ya.l.....{.@&.|....0.J.."z.0s..s....=g ..>........"z.0s..s....=g ..>..l..1...y..g......IEND.B`.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.323817276866818
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:eyys4z0WmB0EXnFXA+9yWD2ZRQys/GnW6NG:is4ZmXXnFXA+9y28RJyqW6N
                                                                                                                                                                      MD5:E45F61455E2C752E1022F161CE498F8F
                                                                                                                                                                      SHA1:17427B0FF2AED8945641895AAC7D3D67E15FBF45
                                                                                                                                                                      SHA-256:ED9DA17F391804F6B1541F74CD623571CA72EFFC7123D4C91E83D9E57B35FA0D
                                                                                                                                                                      SHA-512:6E208376A37D0F2068C2DF90A9A4308082D84FF1A2931AC65E313A5AD2362E36145A2D75C2BD71533B92B4185C0D9CD6908D8BD98DF905B8DD2BD596129FD467
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.X.......X..l....GEuR.A9.X..l....GEuR.A9.X...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............r.e.U.^.8.........N...^................2u.7.6G....v...........f........................................I.qk..B.....LZ............r.e.U.^.8.............r.e.U.^.8...............X.......X.......X...........................................X.j.....X.T.]...X.......X...B...X.H.....X...B...X...>.).X...J...................;........4...4...4.."...............X...X...X...z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........X.......X.....#.X.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 50 x 600, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4410
                                                                                                                                                                      Entropy (8bit):7.857636973514526
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:E/pQuIhKZ7u06dICH3AroiTe8DGTl55poBUmLNjpH7MvDHjfm:MpdZtPbknnRPpkLNVMvu
                                                                                                                                                                      MD5:2494381A1ACDC83843B912CFCDE5643B
                                                                                                                                                                      SHA1:98F9D1CC140076D1AE5A9EA19F47658FD5DF0D66
                                                                                                                                                                      SHA-256:5EEBE803E434A845D19BC600DF3C75E98BB69BD0DE473CEEC410D1B3A9154E28
                                                                                                                                                                      SHA-512:0E64CC3723DC41D94910F7ADFB6A0DFB5049350FD15A873695614E4A89ABD78B166BA4E9C8CB95E275FB56981539DECD2A7F28FBC25E80DD5E2DEA8077CC9489
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...2...X.......E.....PLTE...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................B..(....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.].\TU.?3"...(..L........q.Q...H.*j......W..Xd.ie.f..%.XT...em..m.m.vkik...>.}..}|..{'.U..~......}....s.............,CVu.x.:C..5...;.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.351563552066074
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:YeksDjrc93orLHPEZnf0MXsM9eAeBRQyGLIrqcyoz:FksoocB0MXsM9eAURJGL
                                                                                                                                                                      MD5:83B82BF53BD9D38B313223ECD704A303
                                                                                                                                                                      SHA1:23831DAB4955AABEB379C5839DCB89FFA7075F55
                                                                                                                                                                      SHA-256:D2BB269134FEAFDE705C62925298303DEC7A6D6ABDFD4012C0BB9EF11634F0C5
                                                                                                                                                                      SHA-512:AAFAB6BA64EF9E9339273CFEA1E72D186180409921AC0A28C08FD97E7D97CD364C3583CE4D5CC25A03AB7CBC51EBFDA1BCBFC8A93C394F2FBE60C033530099B2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ............*.).2o.iy......*.).2o.iy.......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............q{w....TG.........N...^................X._.A.4A.{.|.........f........................................I.qk..B.....LZ..............q{w....TG...............q{w....TG.............................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):136726
                                                                                                                                                                      Entropy (8bit):7.973487854173386
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:SIXmy5Tl704vW2ZKkvV8UU0ZWUF0BJwySIdgz816YzDc1+opecYPn:Sny5Tl704fZFV8UU6LGXwyS4xohpQPn
                                                                                                                                                                      MD5:4A2472AC2A9434E35701362D1C56EDDF
                                                                                                                                                                      SHA1:16FA2EA2D2808D75445896E03B67A93000EEDDD8
                                                                                                                                                                      SHA-256:505F731CB7707EFAB2EB06685B392DC7E59265A40B55AAE43E5DC15C0A86CBA4
                                                                                                                                                                      SHA-512:5E28D8FB2AC62ED270968072A30013334461F7CAE96058AF9EAA6E10912989DC47112D2133892BF61F7A516B77C6FF71BA2A000B750A9F95C787E538B09595C2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQaq".....2B....R#..b3...r...C$...X.....Sc...9.%'.(Hs4Dgw..T..5GW.x.)......................!.1..AQa"2.q.......B..#c........b6.Rr.3s$.&..S...C4.%5............?.........(......(......(......(......(......(......(......(.G/.GE&...)..P.x..B.({i2Y;.z?G...Yfc.)H..^....#.....}3..Sc^.H..+...M.a.P.....GS.....H_.3..<....1f........1.<.\..nn-..s.s.\9Y....=.......S.0.......N..cA..Io..r.3..........ay.....K.....,.;9..Q......xO.Fa.2..>........{4k.....|....?U....3.8..._/3....#.. t.y......yY.......e.<........#.....B.....Z.%.Y..S.ye.W4...l.......X...%.@y}>....l.yi..D..W......L..._D.Q....)...E....n.%...*..K.4#.8`..I....h..h.o..I......-...hB...3..u.(5..........n...,.@....a.t.9.....@.s.>.&...@
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.326008630488347
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:lzQssceslPnThLcutw/0uxEKHLR9Xxp39qUowCrdQqrqYm0BX+lIP4ZksJ4mp:lzQsiOLcuGZxEKHnXxh9qUYRQyZIr5
                                                                                                                                                                      MD5:114ECFDA47706EE4A0B9FDA83F7DD6A5
                                                                                                                                                                      SHA1:251566F823A359EE3F07098BE6A89B264B27362C
                                                                                                                                                                      SHA-256:2A38491797F332F716477B84CAA4300C21A39E39EDEA413B22F647D55AE41C1A
                                                                                                                                                                      SHA-512:263C81B37F99E65FABFFB3C0F06B16F771D2E6FB9B5AFD052851E0E75B723D036403B9D0D64C2B953ED57A896E32FDA13B4D4ACD91D97D9C5A3ADD4B3EE23690
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.qT......qTZ.P....<.2...qTZ.P....<.2...qT..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'............. X....+.2..q.x.....N...^...............BL..a.=I....O..........f........................................I.qk..B.....LZ............ X....+.2..q.x......... X....+.2..q.x...........qT......qT......qT..........................................qTj.....qTT.]...qT......qT..B...qTH.....qT..B...qT..>.).qT..J...................;........4...4...4.."...............qT..qT..qT..z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4..........qT......qT....#.qT............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 77 x 627, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5136
                                                                                                                                                                      Entropy (8bit):7.622045262603241
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:djzuNKb3XHco17p2wolIxIx7lpskdsC/ddWNKeabJbMojpxLDTu1:VzuNKb397pwlIxKp7qs3bJb5FBTw
                                                                                                                                                                      MD5:FA38AFA965141EA3F17863EE8DCCDE61
                                                                                                                                                                      SHA1:2B4611E651AF7549C1AA73932B1136B561A7602F
                                                                                                                                                                      SHA-256:E1CB1A0EC9BE62D5445C73AA84DF38234002A7E164EE830C9DF24997802CB5D2
                                                                                                                                                                      SHA-512:A372674F5CA343321BA9C413D346070709F7685706C9C6C3DC7F61846B59253A5E6FE800DBA10AE870FD3887439B2AA106FBBB51751E92A163938A4393C43E28
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...M...s.....}8nv....PLTE.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................z`.....tRNS...................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.414558185673008
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:psKDN0wYDaYSqJaS9sEZXd9Y9WUYRQy/OqOUVNTYQXMD:psKDN0w6aYSqJ97ZXd29WUYRJ/JnVNTV
                                                                                                                                                                      MD5:EE14FAD701178B1FEAEB891767E27D33
                                                                                                                                                                      SHA1:39D97AE1F9C5B0D6983037291526AD9C69493D60
                                                                                                                                                                      SHA-256:456F63ED99EF8BF9EB6D1B12FA0CCC3896D5AB1901333C7F73C1F9C3BE5B677D
                                                                                                                                                                      SHA-512:9F1502D36FF2CB2AA7C32B6DCFE7B61367DFE5906488D1B238FC12E6520EC81F48F6421901938924398DD53C6153774DCA3BF9BA95FC1B2F13F752733ED43BB2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......h...v...\...................................................................................................................................2...>...D.......v................................I.......I.qk..B.....LZ............ ......-.j=..... ......-.j=......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................>W.F.*.:....|....N...^.................S..!M..-=..C*........f........................................I.qk..B.....LZ...............>W.F.*.:....|...........>W.F.*.:....|........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):52945
                                                                                                                                                                      Entropy (8bit):7.6490972666456765
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                                                      MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                                                      SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                                                      SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                                                      SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.443439984221025
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:zWKprsSqWQ/6+zg5i+t4vgEbLoXXYX79Wd3FrdqrbWbBXoM2s6+0BkD+06XB:rprsSa/oi+REbLX79Wd1Rys5z/Ij06X
                                                                                                                                                                      MD5:FE6185C423613626066FE79234D86A87
                                                                                                                                                                      SHA1:0E7C2E7419BA550680973C1764AFE9F39160AEBF
                                                                                                                                                                      SHA-256:D3E81F3A4DC5A675AA43CFBB57425BC1F264B0DB64F42353080A1DDE88ECC2D7
                                                                                                                                                                      SHA-512:A85C5D247C751A1D1E3708D6A36C7E5E47EED8764B36BD4163AAD66F8D7ED67D451CE2D9F6E13F80A056CFC0AB50951AED110B0DFFE6DA484F7FAD35E8424D47
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......h...v...\...................................................................................................................................2...>...D.......v................................I.......I.qk..B.....LZ.........$..;$' G(Yh...$..;$' G(Yh...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............$.....m....S........N...^...................+..B.DQw..+.........f........................................I.qk..B.....LZ............$.....m....S............$.....m....S....................................................................j.....T.]...........B...H.......B.....>.)...J...................;........4...4...4..".....................z...y.. x.. ...........$........4...)..7)..7........................;........4...4...4....................#.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):79656
                                                                                                                                                                      Entropy (8bit):7.966459570826366
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:2kuUliOeU4os8ii3nF3Hxro/qxXD9u/kjYgMZqoEs6ZUldm:3uUsOXYIAixR2k7WAZV
                                                                                                                                                                      MD5:39FF3ACAE544EAC172B1269F825B9E9F
                                                                                                                                                                      SHA1:2D40DE8D90BD21D56314D3F99CEF4FBAE3712C0F
                                                                                                                                                                      SHA-256:70475431CCA3C91A4EFA3B8F04864371D2D3A45696674A1A0562FE9CD8DB287C
                                                                                                                                                                      SHA-512:3B9F3B32696AB7779864E83DC0C45960114A130BEE0CF4D0643DE57FF952171E5D775AA49141EE31A28A9B5D052B26EB421F26EA736D7EF4B3A7EC812CA411CB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1A.Qa"..q.....2#..BRb..r3$.Cc..Ss.4...D%5&..T...'7....................!1.A..Q.aq..."2.....B3.r.#..R...bc$4..D.s%............?..Y..T.o.\......=.a..j..'^..s..[../........Y.......<...(..4.....7y..Ln.[9.cK.ilN...u@$.V.9.V?3..s.KL.z..w.jW.C.............@.~+.o?o8...k....,.m..9.".....q.....d....z.W...q...~...'..e..>..f#...S.....F....pU.......7..N.vfK......S..G.#.....}.c.........RXt.bq1.`.....[+8\.*.N..:......}.....r..........')......Na...&...m......c...a4_%d.............co..0.n.L.Q..E.Lt..y.|..F..4.i(>.._..\.eNL8..?z9I:hLgC.@.p....g.t......'.I!d..?1f..R..........|..4.wJ*..%g..~0bt.....*...v.......O...:.~.>~..o.x...9.@>...s.&.E.0/G.c..t.<..F.t.A.z. ......;.........Gp.P
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.475399570787079
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:AshIyudKgf/Eh+tzG6EWn/ql5XMf9zs5koFrdqr2pUfVcrRXGOuBuIbgHu7p97XJ:AsOEh+XEtXMf9zQk8Ry2BrIr
                                                                                                                                                                      MD5:24AC1A266EF2F16356AD05F2957D05C0
                                                                                                                                                                      SHA1:AC9A5ADAC67BA357C8148E9C5197BBE4C8751B27
                                                                                                                                                                      SHA-256:0B9DD27986F2A920011DA907C1D043DB5FE4F299BA9AD4741F1373FBC3B11763
                                                                                                                                                                      SHA-512:93AAA2B73CF9379D49DD6688CAEF17539BDB66AE85273A08855059F35D0366F109DAA54EC755DB3F20622231A2AE8867715ACF9801ABE13158DC69E97BC828E0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......p...v...d.....................................................?....?........................................................................2...>...L.......v................................I.......I.qk..B.....LZ..3.......3(t9..=..NK...3(t9..=..NK...3..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............Z9.W7.8.~...2C....N...^...............@.j....H..(pX..........f................................... ....I.qk..B.....LZ..............Z9.W7.8.~...2C..........Z9.W7.8.~...2C...........3.......3.......3...........................................3j......3T.]....3.......3..B....3H......3..B....3..>.)..3..J...................;........4...4...4.."................3...3...3..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4...........3.......3....#..3............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):40884
                                                                                                                                                                      Entropy (8bit):7.545929039957292
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                                                                                                                                      MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                                                                                                                                      SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                                                                                                                                      SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                                                                                                                                      SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.353233182943277
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:Ylsm6WxsIEd+PXfI93mwRy06Q7ApNQF76pNATk:2smFxSgPXfI93mwRy06GAnQF76n4k
                                                                                                                                                                      MD5:60262D96B59D18C5A8E9E7C9B445C9EA
                                                                                                                                                                      SHA1:20A921D6B018F0BEB73F07BCFD718D1BE86FE904
                                                                                                                                                                      SHA-256:68404256B71A7ADD9B083FF19EAF87B9E371986F2B0EB13047078F1BEDE2FEAC
                                                                                                                                                                      SHA-512:35530FBAC09DDC203562458A33F344D05747D867BA73861632FB3C7A03D200E853D217D2E41ABAE1EEBD43BA100C08ABA66A8E913A38EA6258C5B01FEAEE6C9C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ.[......[B....)..i`.(@.[B....)..i`.(@.[..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............QrZQ.)5...b2S.e.....N...^.................OT+Y.O....$.R`........f........................................I.qk..B.....LZ............QrZQ.)5...b2S.e.........QrZQ.)5...b2S.e...........[......[......[..........................................[j.....[T.]...[......[..B...[H.....[..B...[..>.).[..J...................;........4...4...4.."...............[..[..[..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4..........[......[....#.[............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):68633
                                                                                                                                                                      Entropy (8bit):7.709776384921022
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                                                                                                                                      MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                                                                                                                                      SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                                                                                                                                      SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                                                                                                                                      SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.445524078700225
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:5HyscebXmEg38BmXhXY9DQsRyIA8ieFU:5HyscebTg3UmXhXY9DQsRyIR
                                                                                                                                                                      MD5:BDA547C724E6F3231322B868F781294C
                                                                                                                                                                      SHA1:6C48B8374F3A392E68660B8E60F640CF863D03D5
                                                                                                                                                                      SHA-256:CBAB898DC2708B0DE29D7AD74E4670DCEDC208C34156317635E950CEE29BC4FD
                                                                                                                                                                      SHA-512:BA890979B19408F5983C75C0EC369A7E72040AE845D6195EE554C436B24FF54ACA618211C99C9E47AE896C3B83914FCD240528FBCDDE0BD28225238B3CD18A13
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......t...v...h...................................................................................................................................2...>...P.......v................................I.......I.qk..B.....LZWRl.....WRl.w...a.:.]eWRl.w...a.:.]eWRl..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............Z:..#{4.7k ..C....N...^.....................A.)..e..n........f...................................$....I.qk..B.....LZ............Z:..#{4.7k ..C........Z:..#{4.7k ..C.........WRl.....WRl.....WRl.........................................WRlj....WRlT.]..WRl.....WRl..B..WRlH....WRl..B..WRl..>.)WRl..J...................;........4...4...4.."..............WRl.WRl.WRl..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4.........WRl.....WRl....#WRl............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 176 x 513, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):11043
                                                                                                                                                                      Entropy (8bit):7.96811228801767
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:YyroOCsBI9pkCFsHHX2RE6VOlPuIqmBtJNBfAr+ADP1IATaNeTyZ4GF+WQQ6Qwq2:BUOCsB2kCGH32RiPDtDBfArPDP1I/eyM
                                                                                                                                                                      MD5:8E9AB9C28B155A66BC5C0DA5E2A4EFB5
                                                                                                                                                                      SHA1:972E61F162D48F1CEE21963ECBB2FE439105DB55
                                                                                                                                                                      SHA-256:B243A24FA13BC8523450E22F408F9EFF15301C938F8CA52A57018B58CE6785DE
                                                                                                                                                                      SHA-512:12062D69E676B3B34AFCEF25AC17B40294282D5BAB6C0110680293D7CC96EC17EBCFE104C284E64A30EE3C483E319E9C37C03F6EE82C79632180E45C7A684E8C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR..............`....`PLTE............................................................................................... .......bKGD....H....cmPPJCmp0712....H.s...*YIDATx^.]...,.N.8.i......0..e..y.......8.6....Fo.........=...F..._..........O..{..............3.|.L.|.............>.....v..n.1J...k...."....7........J._.5LQ`..k...._Z.W.x:..k...g..._.....u<.Q{...1...q6.cs...l............30.g...< W...a.5..>O....9}..c..........s|I.).>.fo4.<q......>...c.:.u..co.#.7,.O..G./.K.|..q.p...(.(....iH.......m..+.7...../..{W.l....b....?.`^.q.9L&.>.hN2`1..m...]$.0J....rBy......{.._...G....;.r.Q..;..,...9..F...t;.+..2.Ub......V...8.k..5.........'[..s.H..).......%j._.&.....BN..V..q...T...#..........0.E&.o7....$..m..8g.f._$..k.8...5......HgQ...L..\.........)B.I.r.(..8.a..$N.9.=..o..Q..(.e.a..O.....c.= .......$0..X.S,..(p......$..l.c.I...=."......g....^..#~,&.a9iK..ZNE`...pFJ.@Wd?.<..Bt.E.......e...i.%d...}.!..B......9.........B}.....5...;..hL.D.....4z.....|.)
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.3390629532227845
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:SCcshtXRdwogX2AoEQ8BXiNB9TOkRyWSXxywf9:SCcshtX0oW2SQ4Xiz9TOkRyWSXxywf
                                                                                                                                                                      MD5:25B2A7A95B991005CEA67AA0BA364A92
                                                                                                                                                                      SHA1:5212936CB57333B3CC396CA48ABAF4BC48EB1629
                                                                                                                                                                      SHA-256:85ABD00F3CF0AEFDF286450B6B1FFDD4517D272355A71AA419D52A4ECA5CF555
                                                                                                                                                                      SHA-512:1EF030EC181853F91020D16BE275E5E2C4EB8BA612D9D66E0D50344D8014299F8D848C2D2712B19BE689927ED07160423E79978DDB83272A7D43A4DA89913773
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z......................................Gy...4."fhF.@.I.......I.qk..B.....LZ...Gy...4."fhF.@.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............[.z...............N...^...............".J....J...H 1..........f........................................I.qk..B.....LZ............[.z...................[.z...................................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 40 x 650, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):647
                                                                                                                                                                      Entropy (8bit):6.854433034679255
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:6v/71rwqZMXVs99W1YvpLp/Fvl+f43ocLtuplb+CrGotLRd:+wqWXVs99rpLpNvr3pIx3b
                                                                                                                                                                      MD5:DD876AA103BEC3AC83C769D768AD39FB
                                                                                                                                                                      SHA1:1833603AA9B6A7E53F9AD8A336F96CCE33088234
                                                                                                                                                                      SHA-256:1262DD23AD54E935CFA10FEB1BE56648E43BEF1116696CA71D87E6E033B1CA7D
                                                                                                                                                                      SHA-512:946DB2277213104A3B29EC4388578B05027B974A3093B4CCAD8847397AA51AE308BC6A199E5705E1F901D6E4B1BA34D8DECFD6E5B6685184A307D749D7CFAEDD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...(.........xk....`PLTE.........................................................................................>.S.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.)..1..7w....6.*.H`T6.ha.k.............b!....Ba..C..P.4K..@.....h.E..X....PX+.P.-.....@@"...o.O4....xZ<...B...B..,A..y.s<......b!....Ba..C..0_p. .......=..,...i. ...=.j..N...........{4+...xZ<...B....|.....$.K<.vyE..X....PX+.P.-.:... .'p......\,...i. ...=.j........K.....%J..S+.....q..k.H.@DD.s...:..J.K.DDL.\.@`,.DD.:.(]..N....KD....A M.....F..S+.....1.sq........\.t..;..../...~k...4.DD.:..]..N....KD........@DD.s...:..J.K..[...Q....V......IEND.B`.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.334455988625006
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:ys82jL0NLttMEL5EjFLQcXumD97mo9rdqrKX+iXtYRXlDHskArshg:yskNLtKgEjF8cXumD97msRyK99YnwM
                                                                                                                                                                      MD5:D6FF57C0D94843593D20C8163BEE7EFB
                                                                                                                                                                      SHA1:908BC788790DED796941B968813D58E0AD10D477
                                                                                                                                                                      SHA-256:BBB57E5A83DED41B7A6B8803502EF0859CCAD194642732FCBFEA0A8FDFBC75F5
                                                                                                                                                                      SHA-512:02016DE2B8F98D8BC21399D62C756A838C2AE1B0487128DF6AEB7E1F49F0B2792C8D66CDD8899A43AF401C883DA804B09258098ACB7655193AD17BD6DAAB829F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|.......................................]...:...H."L.I.......I.qk..B.....LZ....]...:...H."L.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................v..%...jpae....N...^...............'Ue$..F..F..7..........f........................................I.qk..B.....LZ................v..%...jpae............v..%...jpae........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):52912
                                                                                                                                                                      Entropy (8bit):7.679147474806877
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:DB/nIviNJD9C8kfJj6TkVr4q24FsUpjPc021si:DdnIvi3D9C8Cl6Dq24ayPCz
                                                                                                                                                                      MD5:1122BF4C2A42B4FA7F29D3C94954A7C9
                                                                                                                                                                      SHA1:3750077A830FE21735A43ABD35C63BA9A4D4B0DE
                                                                                                                                                                      SHA-256:423B0DD1A93B391D15B1DC8D8757C3BF5725FF2E7A59E6E3140033E2876B67F6
                                                                                                                                                                      SHA-512:4626EFE2EDED2361D6296B57F994DC434CC9D02357A8A6A67D84A544FB8A1CFE0005EA98F846AB963BED7F2B6CE96BC9181182C9459843A52A98D3A731A4FE73
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:27:10............................f.........................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....]+\.9.9.P.d..Z.?~>.-...]6=....*.......S.9G...b<$..Z..........>.v.o:.o%.e...z.F`...[.wo..z.....k..E...5....G..7.......c2..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.325836067463785
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:qsiLSFRdEk4XqA19zesRyJKtOsjvzOAqZ:qs9Fck4Xj9zesRyIj
                                                                                                                                                                      MD5:C5F2CD5DD7DDC263DA8E30C86FF78D61
                                                                                                                                                                      SHA1:9C359A7FE5137192D26BC1EA17C2637D8F194A7F
                                                                                                                                                                      SHA-256:0457700D991F794E7971691A9318BEFFC5E8B1A68AF315146B7B67BF1DA5E261
                                                                                                                                                                      SHA-512:2864DA50945D2BBCBCEC8E0DB8402EF2AF29F6BBA15BA22A82A3729A789813940FC131A3A5D029F984EB20EC5C6D58012128D0D5D8002192788A669BA3EA66B6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.1.......1.W..y...& g....1.W..y...& g....1...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.......................'..v......N...^..................h..L.Wsn...)........f........................................I.qk..B.....LZ......................'..v....................'..v............1.......1.......1...........................................1.j.....1.T.]...1.......1...B...1.H.....1...B...1...>.).1...J...................;........4...4...4.."...............1...1...1...z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4..........1.......1.....#.1.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):27862
                                                                                                                                                                      Entropy (8bit):7.238903610770013
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                                                      MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                                                      SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                                                      SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                                                      SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.5076581368834985
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:OsnqgsojvvE5rKBXZB9rUyZRyp9zSsr4DNV:Osnqgsojk5GBXZB9rUARyp9esr4DN
                                                                                                                                                                      MD5:0793D9D827569EBE5D5799EBE3528288
                                                                                                                                                                      SHA1:756B69C24E9E521F0FE04624637838CAFD067B7E
                                                                                                                                                                      SHA-256:9D3DE7A8CADD8575ECFDC45B693FA3A355753AB67FE650D3E3142F675B848994
                                                                                                                                                                      SHA-512:5F8F4CEEB25CE1269F01501C3113C672A88EC732FE0EA7CAFCEF1CC605EBC2FFB6A584581EED2B83E23C3ADA992A6618CE48C9C4BE20E307B5B1743A039A76C0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......r...v...f...................................................................................................................................2...>...N.......v................................I.......I.qk..B.....LZ.9s......9sA....8J#+....9sA....8J#+....9s..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............e....H......w......N...^...............DE...O...G............f..................................."....I.qk..B.....LZ.............e....H......w...........e....H......w............9s......9s......9s..........................................9sj.....9sT.]...9s......9s..B...9sH.....9s..B...9s..>.).9s..J...................;........4...4...4.."...............9s..9s..9s..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4..........9s......9s....#.9s............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 50 x 556, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):977
                                                                                                                                                                      Entropy (8bit):7.231269197132181
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:6v/7QiFJaY/z+obuqFA4fypjQSbtBK+lcqNGSbb7XTJArRRzN5DjNRkPmu5cCbR2:x0QY7xbjy9pY0JPXLTWroeuCCbX0
                                                                                                                                                                      MD5:B7F74C18002A81A578A4EE60C407A8D3
                                                                                                                                                                      SHA1:70A7D4BB1B3ADF4397D168AD0D81B286F88EBDE0
                                                                                                                                                                      SHA-256:95F59A0433050180D4C0E8858B83363D51BEA6752A8B7CA516A8677854D8F5B6
                                                                                                                                                                      SHA-512:13186A7CDCE80BCA9D2238666D6D7A989FA1887EABFA5D8A9A63EEC304DFD4BE8EFF652205FA56E1D1CEE7D3680AF8C70A952AF73AB3C246400E8D4EBECBDBA9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...2...,........A....PLTE...................................................................................................................................................................................$.y.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^...0.D_.......cck.....%a...X.a0Y...-..!.G...[....(.r.H.$...1 .zq.4V.e|a.6.X..4..kl.%....=w....6..TN.....{.4..T/.z...../.....3..!~..t.#b..^.....E!.SFb ...-.....^...,..C.!.b...i._c...s.X.w.. lsQH..H.gKc@@...i. ....m...;Ci....@G.; V{..lO..\.R9e$..{.....P...E.+.2.0D.B,..P...56.?......K.6..TN....^z.4..T/.z...../.....3..!~..t.]b........E!.SFb ...-.....^...,..C.!.b...i._c..Y.O...?.9k2.M.?5 .n.P...,...d._..%M?....6....,.1..R.4.a.R.+..U.Q..P...vd..T........j .]@....."..lJ../.90.4...Y. ...9.%...{......Hc%.....i..%M?aG..H....o.q.......4.......X.d9.r..CI.O.5.Ri0?.s\b....w...>/k..4V.)Y....P...vd..T........j .]@....."..lJ../.90..2..MP..l..?....K.X.....IEND.B`.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.314435041046447
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:MBsUiUltZkb+QHXtMf6E3VpLrWXkHR9fhJoLlrdqruTRXi9a9ECF:MBsknZDAX2SE3TGXkHR9fhJ4RyI/
                                                                                                                                                                      MD5:C99A3565493D9612842E592B93E0021F
                                                                                                                                                                      SHA1:D29826D7CA0E6A0F4F9694E67D78DB45493FC5EA
                                                                                                                                                                      SHA-256:124423609B52749DA4D5AA90D71BA19856D748F4D29B804CC2E0641847D5D08D
                                                                                                                                                                      SHA-512:8D22C42DCA93D58B13BC9BB2C53EDCFEF29217370E8536A57A155C371DEB61D829E0715776A91058992802414B007164A8028D405E182F5CAEF55FF844A4CF16
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.-;......-;..}.....V.6.1.-;..}.....V.6.1.-;..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.................g.....*\."......N...^...............A...'.G..3.V..h........f........................................I.qk..B.....LZ................g.....*\."..............g.....*\."............-;......-;......-;..........................................-;j.....-;T.]...-;......-;..B...-;H.....-;..B...-;..>.).-;..J...................;........4...4...4.."...............-;..-;..-;..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4..........-;......-;....#.-;............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):34299
                                                                                                                                                                      Entropy (8bit):7.247541176493898
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:BrSX4V3P8AIc4KLkHeXRUer0zrhOmXfvG0yH82I:tSXuIc4K2eBtswKsHg
                                                                                                                                                                      MD5:E9C52A7381075E4EBC59296F96C79399
                                                                                                                                                                      SHA1:BE295AD24D46E2420D7163642B658BF3234A27EA
                                                                                                                                                                      SHA-256:D56CEFE9EE2FAE72E31BDBA7DD2AA4426EA22E3CEB22EF68C8F63F9F24D5A8BC
                                                                                                                                                                      SHA-512:95CC96DD4459EBAE623176033BA204CCDC50681A768F8CBAE94C16927D140224E49D5197CAE669C83C77010C5C04C1346CF126BEF49DB686F636C5480342A77F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.......................................................................................!.1..A..Qaq......".#4.2r3.$.%...B.5U&6....Rb.Cs.7..cDTEFVf'...S..dtevw.u.........Gg.....................!1..AQ.aq.2....."#3.4....r..BRb$CS.D............?..5..............#....v.q.m.}\..{....;...r....h.....J..q|..'.;\..6..v......e...../.k..|.8..i..|..]..3e.m....n..Z.GS..n".y..w.-...[a...7A.....i.4.)9\..~C...=.........s..\V]c.D1<./.g.l.&v..~.h..]....zb>G..y:vNS.\......LU....t.{*..Z#.?..v-...wn.rR...P.....y\=.v....../..9_...m4...V.|.+.o.#.......xj....}..>.s.>C...m.[;.>.p...=^.i.X.(..1...{.F#N.W...xi.z...4..u[{...yO.....8..}\..2...KlX.nbya...2.&.F...R.b.k.7.GV.x.h.y\.Q..O<\>......-...=...r......\......Z.Z...Jf.'....z..Y.q>.p....o..K....h..R..c.lg?......A.Z...Y.q3.L|.'5...
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.351096848142344
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:asZY/8DEyFYX4a9Da7kRyBMBTVAGBGLM:asm/zkYXH9Da7kRyBMBTVAGBEM
                                                                                                                                                                      MD5:3D6C54A559D7CB1C0DA7EA1E1C701E6B
                                                                                                                                                                      SHA1:08D480D26CEED5358356AB7493418F0C78EFEB6D
                                                                                                                                                                      SHA-256:1749A3A3E0F31026EB850E5E156485FE34B9F2C31DF6F7F1FFFC012F83EB44FC
                                                                                                                                                                      SHA-512:5F78C0EF5BBA9DD9D7C78F9B4EB3E5745E6FB6C6C592FD39B813AB4BFBF3CB5A0F9BCA14066A458978ECE468B353134ED99C3499B00B5B0E78F3A9BA7D0CCDC3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ............@;.7..2y.0Y....@;.7..2y.0Y.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............$......?z|..!O%....N...^................Z1[..H.>..w..........f........................................I.qk..B.....LZ............$......?z|..!O%........$......?z|..!O%........................................................................j.......T.]..............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 171 x 552, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):10056
                                                                                                                                                                      Entropy (8bit):7.956064700093514
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:edmu1fpj5DVHuooK4EpGLbAdT+dBXYBR8D1V2p6KwoPR6KUX9ojwRpgA:2Pp/B4LbAF+dBo/1E3S6JScpgA
                                                                                                                                                                      MD5:E1B57A8851177DD25DC05B50B904656A
                                                                                                                                                                      SHA1:96D2E31A325322F2720722973814D2CAED23D546
                                                                                                                                                                      SHA-256:2035407A0540E1C4F7934DB08BA4ADD750FCB9A62863DDD9553E7871C81A99E3
                                                                                                                                                                      SHA-512:BC7DC1201884E6DAFDC1F9D8E32656BFAEE0BB4905835E09B65299FE2D7C064B27EAA10B531F9BECF970C986E89A5FD8A0B83F508BBA34EB4E38B3F7F5FC623A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR.......(.....!..t....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................4.....bKGD....H....cmPPJCmp0712....H.s...#.IDATx^.w`......$..B....... ....fz5..6`l\.8...Nsz{.//y./....{.7}g.....e.....~.......s...f.....%c...6....O.PJ...Y.oi...9..'j.2..6.-
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.33259133145375
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:CIssLNCtwd4I3qtmMpoEXh2aLg6cX/X6c9OqxxotrdqrQ7bi2GARX+AIV9YZn5IV:is8wOMq2EfHcXyc9Oq3MRyQ1tS
                                                                                                                                                                      MD5:A8E8878F1EE950F38CB9942ACB629A0B
                                                                                                                                                                      SHA1:8B3AC2705888B46DB4173C538BABA052A40BC18F
                                                                                                                                                                      SHA-256:C5C1E62DABDF1BB93FBED6D87056A4B24A7A33B33F390CF0504638438969139B
                                                                                                                                                                      SHA-512:682A51D98815846AD247FC41E4D1F4168346E75AA1B3EFBCFDBB3A74CFF2BA967F3566E8DFD00F7279746D0409C4D880B6C1029D1C9DEE0C3DDEB82100AAE57F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ/Nm...../Nm..[..!Hv7.R../Nm..[..!Hv7.R../Nm..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............Di..P.. .ZK3.......N...^...............]|"%...E.?a...'e........f........................................I.qk..B.....LZ.............Di..P.. .ZK3............Di..P.. .ZK3............/Nm...../Nm...../Nm........................................./Nmj..../NmT.]../Nm...../Nm..B../NmH..../Nm..B../Nm..>.)/Nm..J...................;........4...4...4.."............../Nm./Nm./Nm..z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4........./Nm...../Nm....#/Nm............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):84097
                                                                                                                                                                      Entropy (8bit):7.78862495530604
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:cgHTEuD99rHwA5MSadIV2MApVmfJkAKOQ/Z1I7ngpDDyHfKFVITrU:HHjXidIhApV88/jIEmrU
                                                                                                                                                                      MD5:37EED97290E8ECB46A576C84F0810568
                                                                                                                                                                      SHA1:18D9FACB4CFA3CBF63B882CABCF30B203EDF4126
                                                                                                                                                                      SHA-256:140DD943D0F0CFE6AAA98470B7D1A7CB62CA02CB1D8F522DD2AC77433232EF41
                                                                                                                                                                      SHA-512:E0F57314C136211B8253EB2AC0093DED82198E7170D4F97C40D82FD4EC4123D2AAFE3EB4EBC3E7523C4DF4D77619408773871BDE15B6DC6C4049C71D5B9D4222
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....hExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:11:38.............................A.......................................................&.(.................................2.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................z.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....b.xH......T..I...S.q.~..../s.R.x.....8.a..vE.5...-.G.A.4...._......$K..d.@NC.q....J.....>e".I.%...I0).R.I$........M3.F .
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.337468729780741
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:LsJS48La038nt1j2EMxOpXB+Mp9/roBf7rdqrRrG0RXGjRt8xHxHJh:LsoRL138nXKERpXBbp9/rC7RyhRmsJ
                                                                                                                                                                      MD5:C3B138858E29343A9BF66C4DD448EB7F
                                                                                                                                                                      SHA1:D51FA1F72D07D29765DC7B441220D99562D6E62C
                                                                                                                                                                      SHA-256:9CDD2BA7D76BDB23A2721E95BFF94390B5E90C5F1F6AB526137ED586B06DEE77
                                                                                                                                                                      SHA-512:4C7531CFB2E3F8A154A52874E6954459CEB326F96BED1760AD8A6C4079FC683899D98E1D8D28BF1E722A5381A1C9904BA796C2B82598BDFB870F8457C2C17469
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......L...v...@...................................................................................................................................2...>...(.......v...t............................I.......I.qk..B.....LZ.m.......m....q..8.%v...m....q..8.%v...m...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............y...2..+.<SO......N...^.................MZT.zG...j...........f........................................I.qk..B.....LZ.............y...2..+.<SO...........y...2..+.<SO............m.......m.......m...........................................m.j.....m.T.]...m.......m...B...m.H.....m...B...m...>.).m...J...................;........4...4...4.."...............m...m...m...z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4..........m.......m.....#.m.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):64118
                                                                                                                                                                      Entropy (8bit):7.742974333356952
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:ORG4azGOKXzkEmR4bdRSbxONOoz0khbSb4J/5GZK5SWUlRwUYdv1M:ZXzGXzJdhRmgHfIb4J/5GZK5SWUldYdq
                                                                                                                                                                      MD5:864EEA0336F8628AE4A1ED46D4406807
                                                                                                                                                                      SHA1:CFCD7A751DFDBE52A20C03EE0C60FDFFA7A45B93
                                                                                                                                                                      SHA-256:7CE10D1EA660D2F9CF8B704F3FAB2966A4CE2627D9858D32C75D857095012098
                                                                                                                                                                      SHA-512:0CAA0C54C14571C279A75F0D5922F78A17803CF6EE1724D66819F7F5944C0F5B25CB586BB686A52808CDF2F8FEB3E4864052A914884054EF7DE44124A8CA951E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:26:15.....................................................................................(.....................&...........s.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................#.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....NC+n....<.=.7..&.8A56..@^.Q..\\...E.>..".&G.......J .'....$.I)........0.../..mv...D....<v0=..ugc+..l.o...=.c.......x.&D..{`8...v
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.331786003839153
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:asnTES6fttgEpOXz9/1oFrdqrvCtk5CjRXIkcRjRfZ7:asL6fYEUXz9/1ERyvvC/QfZ
                                                                                                                                                                      MD5:1EE1123AA83CA5F376DDCA1FF235DA95
                                                                                                                                                                      SHA1:CC687D3436BFF454FA86740D3FF79DDEEC5E7BB9
                                                                                                                                                                      SHA-256:CC4BBD8E7A98AA8DB1339EEE592A6742AE5E22AD0AA19938BEC9D28400337C6E
                                                                                                                                                                      SHA-512:04A12ED4005916156C1ED5BD036F1938B49512FEB9C2450263914071EDFEF750134BF3F44ADBEE636BB23B593864F866AC8FEBBAD8261422F3E81C77BC21D2ED
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ]h......]h.......L*]]...]h.......L*]]...]h...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............dV.|K..25._.0.....N...^................}.....L.%.....s........f........................................I.qk..B.....LZ.............dV.|K..25._.0..........dV.|K..25._.0..........]h......]h......]h..........................................]h.j....]h.T.]..]h......]h...B..]h.H....]h...B..]h...>.)]h...J...................;........4...4...4.."..............]h..]h..]h...z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4.........]h......]h.....#]h.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65998
                                                                                                                                                                      Entropy (8bit):7.671031449942883
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:klZtmExaFrtWgpc+Sg+DKeplHClpHfRtPMbe:VEWWl+SNDKqlH8p/vse
                                                                                                                                                                      MD5:B4F0A040890EE6F61EF8D9E094893C9C
                                                                                                                                                                      SHA1:303BCBA1D777B03BFD99CC01A48E0BB493C93E04
                                                                                                                                                                      SHA-256:1F81DDE3B42F23F0666D92EBF14D62893B31B39D72C07AEE070EAE28C2E6980E
                                                                                                                                                                      SHA-512:8F07E4D519F2FD001006BB34F7F8274B9AF9EC55367B88D41D24E5824FCE4354FD1290CE4735E43930829702ED53F41DF02C673904A7091E9354C28E029AD4EF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:09:29.............................a.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..-O..s(...gO..@...[..+....+...H.'m........L.......@.......[k...S..O..p.'{X..3......]W..w.+.V....[.-.....2..i..i$.p.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                      Entropy (8bit):3.2383123129116687
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:OsqfvY6lPWm+WEc8qwOXu7O9XqsqdjSNR0TqlFA:OsqfvY6lPWjcaOXu7O9XqnuNR0iF
                                                                                                                                                                      MD5:52544AC50492275FBE71AC10AF69FCB2
                                                                                                                                                                      SHA1:DDE79FECD596E16BD1925753ABE2E7304E5C7BD2
                                                                                                                                                                      SHA-256:01F0140265FDA185C0D2ADF1A9D8C9AF5081B9264F76039AA9ED622CFBDAAD92
                                                                                                                                                                      SHA-512:97034908C98F9479BF1790466CD8C1355649E24AB072FA38A7B3A932F6F6BBA13215D1330E5722FC822C7A5358CB56D1201A6BD4D760A14E2C31748AD4075026
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v.......................................................................................................................................2...>...j.......v................................I.......I.qk..B.....LZ..4.......4.>.%..N.Z..AY..4.>.%..N.Z..AY..4..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............$..`[D.....[.+\.....N...^................d....iK...`cj,k........&...................................>....I.qk..B.....LZ............$..`[D.....[.+\.........$..`[D.....[.+\............4.......4.......4...........................................4j......4T.a....4.......4..D....4H......4..N....4..?.#..4..9...................;........4...4...4.."................4...4...4..z...y.. x.. ...........$........4...*..7*..7...........Op.b..F.$..i.................;........4...4...4...........4.......4....#..4............................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32656
                                                                                                                                                                      Entropy (8bit):3.9517299510231485
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                      MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                      SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                      SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                      SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12824
                                                                                                                                                                      Entropy (8bit):7.974776104184905
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                      MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                      SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                      SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                      SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32656
                                                                                                                                                                      Entropy (8bit):3.9517299510231485
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                      MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                      SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                      SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                      SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12824
                                                                                                                                                                      Entropy (8bit):7.974776104184905
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                      MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                      SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                      SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                      SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32656
                                                                                                                                                                      Entropy (8bit):3.9517299510231485
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                      MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                      SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                      SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                      SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12824
                                                                                                                                                                      Entropy (8bit):7.974776104184905
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                      MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                      SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                      SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                      SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.332883665714079
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YuSsYxfYQQUTtejEya79XR9j5jdBrd3rD5x/RXT9DtJ:YdssQUTiEyaxXR9j5rRbPh
                                                                                                                                                                      MD5:01C7A176DAAEABFE90CC7C260C862336
                                                                                                                                                                      SHA1:C89DC59681AEE6FA2B477559D2BE968CCC6BEBA2
                                                                                                                                                                      SHA-256:6AD41C84438E6E5D44F739C68250B737CBE83A059A885BF8B1F8B8BD52818A16
                                                                                                                                                                      SHA-512:23F1B9AB0052A47885553D9CA993E294BB3108E205AF574604FB1E6D6D3DAF6E3D40A853612A68472198E653D3D9F6675B508C440771F567AF98D4B010AB4423
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x.............................................b....I.......I.qk..B.....LZ..........b........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............4..S.....b...`v.....N...^.................\z.l.K.r.d.b.U........f........................................I.qk..B.....LZ............4..S.....b...`v.........4..S.....b...`v.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...*..7*..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):39010
                                                                                                                                                                      Entropy (8bit):7.362726513389497
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                                                                                                                                      MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                                                                                                                                      SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                                                                                                                                      SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                                                                                                                                      SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.4315071390542755
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:ZsXMzZGUcNk4E2lXn49si4RbBg2P4ZyQGs:Zs8tcCAX49si4RbBjP
                                                                                                                                                                      MD5:382AA31B8941DE50538E2993D2A47531
                                                                                                                                                                      SHA1:35CEB20B183CEB3D4673CFA541FB77E42FD21F50
                                                                                                                                                                      SHA-256:FA8DF335BEE42CF639EF522917ECC0591E93FBD9DFC27512DDC9EBA52219554E
                                                                                                                                                                      SHA-512:B7BF085236A679C2613921D49E4A00C50EF760CD7AB9AEEAD79CED68DB2F62CFAE52CC37DCF3ADD70E291A5C4F6469E0BC7DA5083411CC7FC23FBE9B570E6F79
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......h...v...\...................................................................................................................................2...>...D.......v................................I.......I.qk..B.....LZe@......e@.].....E.K....e@.].....E.K....e@...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............$Ht.TR.#.OK6......N...^...............yF...(O@...[`...........f........................................I.qk..B.....LZ............$Ht.TR.#.OK6..........$Ht.TR.#.OK6...........e@......e@......e@..........................................e@.j....e@.T.]..e@......e@..B..e@.H....e@...B..e@...>.)e@...J...................;........4...4...4.."..............e@..e@..e@...z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4.........e@......e@.....#e@.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):25622
                                                                                                                                                                      Entropy (8bit):7.058784902089801
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                                                                                                                                      MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                                                                                                                                      SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                                                                                                                                      SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                                                                                                                                      SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.321098236481327
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YuzocKsgp5dU0bQtSHaMEHGKGXA9Bitj42erd3rUgxbdX3DSiYUW9aV:YEocKsua0bQUaMEmxXA9kt0Rb/pWQ
                                                                                                                                                                      MD5:48617E10C5F93DC360D9B7D69D3C644B
                                                                                                                                                                      SHA1:6F67E64C6C0BB003DF4CDD54417A216471E15386
                                                                                                                                                                      SHA-256:356FF078B76E9E34C114959FA04B6B135CDC262A4B05DDB68C4574F160D4A778
                                                                                                                                                                      SHA-512:D3AEEF9C37139553C7E75AD56C0DE1E5C94A23AB84732127B694DA8C5A32AE4A8CD8FDD5FE62F213A720B902F5502AAD58937E00E48B9098079AD55F31BB9414
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......P...v...D...................................................?....?..........................................................................2...>...,.......v...x............................I.......I.qk..B.....LZ@.&.....@.&.....z.....@.&.....z.....@.&..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............lG 7..#..P.K~4A!....N...^................w.Bs.qG..2KF..J........f........................................I.qk..B.....LZ............lG 7..#..P.K~4A!........lG 7..#..P.K~4A!.........@.&.....@.&.....@.&.........................................@.&j....@.&T.]..@.&.....@.&..B..@.&H....@.&..B..@.&..>.)@.&..J...................;........4...4...4.."..............@.&.@.&.@.&..z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4.........@.&.....@.&....#@.&............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 50 x 500, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2033
                                                                                                                                                                      Entropy (8bit):6.8741208714657
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:P37XYSDTz+UUl7DHt7Ah8l1+4ZfFclFUXwobKXlZr:v7j3z+UoDN0h8ugf2AwobMN
                                                                                                                                                                      MD5:CA7D2BECCBC3741D73453DCF21D846E0
                                                                                                                                                                      SHA1:E34B7788498E33FFF0CFB00125E6BA9E090F6CED
                                                                                                                                                                      SHA-256:E9EAD0BFC09D32CB366010CDFEDE1C432A2D1D550CB7332BADAC1BEE9482BC86
                                                                                                                                                                      SHA-512:7FE2C3654262B1EEBED4F6D83DA7D3450E1BE52500A3964185FC0092041506A237A2728E5D7EEA0A3814E413E822B803B789C49CF744D51816A2E4EDE5B4247B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...2.........H'......PLTE........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................[....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.\.W.G...=a.ewA..a.!r( ...%Dc..x.x....N.OO...3=...S...........~.z.D.0...g.2P.7.*M.#'....z.......3TPj.Z.[5....V..z'L3...a.j9..C>..9.z
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.310967650563991
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:Gs1dqEHLXmCCzoE8PXM89wcGVRbisnoC8gjo1rV:GsZr2CgV8PXM89wcGVRbisO
                                                                                                                                                                      MD5:464FF2FB25CB7C9698480481CE7D94AE
                                                                                                                                                                      SHA1:CB44ED1FB694AD4DB181133F653D274D4C4B1D7B
                                                                                                                                                                      SHA-256:6D934339D5AE4F31E87950FE20BFA925AAC4C3442F108D0F23E1082F4D06C6C8
                                                                                                                                                                      SHA-512:0631443D56E4616CCD2EB7C9680E1AD289C4D6CF54C358A463A3009D1F99ED81A0FEC85A30F40E0E7BCE0EB74250AF1785C8597BF71D8EC3CEAD07F131C03D11
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ4Q......4Q.F..O...f.g.2.4Q.F..O...f.g.2.4Q...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............K.Uu.....w*._..h....N...^...............s.#\WF.G.Z....>4........f........................................I.qk..B.....LZ............K.Uu.....w*._..h........K.Uu.....w*._..h.........4Q......4Q......4Q..........................................4Q.j....4Q.T.]..4Q......4Q...B..4Q.H....4Q...B..4Q...>.)4Q...J...................;........4...4...4.."..............4Q..4Q..4Q...z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4.........4Q......4Q.....#4Q.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55804
                                                                                                                                                                      Entropy (8bit):7.433623355028275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                                                                                                                                      MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                                                                                                                                      SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                                                                                                                                      SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                                                                                                                                      SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.45935996182541
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:0sYcb+ZWwC12UptGmEbzMXXX9Sd2j4VrdMrfuE2dXaWkR8Al:0sYrZO12UpXEMXXX9Sd2wRMWE26F
                                                                                                                                                                      MD5:ABEADA8DF1C3E793CB355C9C0ECAAB67
                                                                                                                                                                      SHA1:79548419CE7D84022E0E93D164E112D4B39C04CF
                                                                                                                                                                      SHA-256:44A8ADC2B13C21D315F3A16F60437F6CDFFB5FC76B61E5B674D1BF7D6CCA3EBC
                                                                                                                                                                      SHA-512:95F8CB8201B7F939D2814DD6A7591F1055B7D746544636ADD869A7522A6113B6A763EF5CC4C1B65BF3D4E725E07AFD0461C2E209E5D9D752EC72804D034F6C42
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......n...v...b...................................................................................................................................2...>...J.......v................................I.......I.qk..B.....LZ.2 ......2 ./.....).....2 ./.....).....2 ..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............+....%..........N...^....................].B...............f........................................I.qk..B.....LZ..............+....%................+....%................2 ......2 ......2 ..........................................2 j.....2 T.]...2 ......2 ..B...2 H.....2 ..B...2 ..>.).2 ..J...................;........4...4...4.."...............2 ..2 ..2 ..z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4..........2 ......2 ....#.2 ............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):59832
                                                                                                                                                                      Entropy (8bit):7.308211468398169
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                                                                                                                                      MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                                                                                                                                      SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                                                                                                                                      SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                                                                                                                                      SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.3589038898502555
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:HDsmNS133Q0WEWXp923BgRMbzW7S4US5c:jsm4J3RWXp92RgRMbzt4US
                                                                                                                                                                      MD5:75843F3EEF8D8B50455E505680CE070E
                                                                                                                                                                      SHA1:C1249701B9418B1CCC8A376746CF7B9AC35EC80E
                                                                                                                                                                      SHA-256:FE1E9764DB1FE52B8A7CB6FFE759A7455B4C219680B9F12A1FBD154E583D06C2
                                                                                                                                                                      SHA-512:BD5F9CC2FC4844831B7944101402B1D5365B10F0E087F7069C168D8AB1BCB9C7B6EBE3CEA40DA2CEDB803035F93E10B3B237E75FB9CB9519AAEA328EE5152C89
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ.^5......^5.{s....@l.N.F.^5.{s....@l.N.F.^5..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............FW9,.[X.-.....].....N...^...............0..^.O.D......3........H........................................I.qk..B.....LZ............FW9,.[X.-.....].........FW9,.[X.-.....]...........^5......^5......^5..........................................^5j.....^5T.^...^5......^5..B...^5..C...^5..>...^5..|...^5 .3...................;........4...4...4.."...............^5..^5..^5..z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4..........^5......^5....#.^5............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):33032
                                                                                                                                                                      Entropy (8bit):2.941351060644542
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:ofmqvnCfmqsp1Ue5xzMq+Qh0dffUmS0w5xzMq+Qh0di:AGAp1rmSl
                                                                                                                                                                      MD5:ACF4A9F470281F475EA45E113E9FB009
                                                                                                                                                                      SHA1:B20698DDA5E5AFDD86BB359A6578C9860D5DF71F
                                                                                                                                                                      SHA-256:5DC2367A80588A7518DB5014122510BF0FD784711015EF83A8718336584F82D0
                                                                                                                                                                      SHA-512:998B7DB9DB08FD15A293267E2371052E436E024AF8D34F96D3C8FF04B1316678DFC1674C921CB404121FF381A4FC39DC759E6698F19D42A6261CBD39469B0A08
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....l...........................Ac...... EMF........$...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC........................F...(.......GDIC............^...........F...........EMF+*@..$..........?...........?.........@..X...L........................."B...B...B...................?...........??.....n............;...<..@<...<...<...<...<...=...=.. =..0=..@=..P=..`=..p=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...>...>...>...>...>...>...>...>.. >..$>..(>..,>..0>..4>..8>..<>..@>..D>..H>..L>..P>..T>..X>..\>..`>..d>..h>..l>..p>..t>..x>..|>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...?...?...?...?...?...?
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12180
                                                                                                                                                                      Entropy (8bit):5.318266117301791
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:k1bHyG/fKOOOOQJUg+g2S+kEm6alfsfsfn32:+bSG/yOOOOQ+g+gOab32
                                                                                                                                                                      MD5:5C859FF69B3A271A9AAB08DFA21E8894
                                                                                                                                                                      SHA1:3156302A7450ADFF4D1B6EC893E955D3764D4DD4
                                                                                                                                                                      SHA-256:B4A8E9A67EE0B897615AC4CCE388FFC175AB92D9E192E6875C79A4E7C1B5BB6E
                                                                                                                                                                      SHA-512:4CF518136EEBCA4F400A115D9B7BB0CAC9FA650BF910B99E15F04A259B7D3EFCFFD6796886FE09DB08C37C332B14BC8500845C09C8EAE1F2306F90E98D3C99E0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR..............;j.....sRGB.........pHYs..........+..../9IDATx^...dW...S=.dL$.............-.`...'...x.7.D...(...$.?cO....9S]=.v...Z.......{..wNuf.&.....a.k5~...._..\.yk..v.....}{._.Q...5...._9o.n.....}7.].1v..t......q....3.<..0<.p.......0....s...... @....... @....... @....... @....... @...X.'..U-..... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%@....... @....... @....... @....... @....... @....../)m.. @....... @....... @....... @....... @....... @ ....`.)....... @....... @....... @....... @....... @....K.0.....J....... @....... @....... @....... @....... @...`.....\.... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.357179401114889
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Es7b3NiKUltkNb/EPEczowLREKXQfiZK9KzsA0p5trdMruKQXnz9kN9ANxY0/ylt:EsFiLlmBEsAow1XQKk9cW9RMxbI+0/2
                                                                                                                                                                      MD5:CF4FC7E155A639F0378B5D01C1DC2498
                                                                                                                                                                      SHA1:B81A08E759DA4E4CDD1F141A44D141040680091A
                                                                                                                                                                      SHA-256:42F5E190F41FF69ACC5B613D3BC6B3F0CD53D0B2D9EDDE6971C95C7D81077792
                                                                                                                                                                      SHA-512:FFF5C4CE70EFED1793DFA38BBF95FBC5E478187698ADB4FBE95581E6D7E6CD8B656EC4DCE9D75AEE3A91847F1958A0BF2A7CBAAB28F2374858AED04B18924F4C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.6.......6.......K.G-..6.......K.G-..6...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................S...+...)F......N...^...............W.X.lC3F..m.Y#K.........f........................................I.qk..B.....LZ...............S...+...)F.............S...+...)F............6.......6.......6...........................................6.j.....6.T.]...6.......6...B...6.H.....6...B...6...>.).6...J...................;........4...4...4.."...............6...6...6...z...y.. x.. ...........$........4...+..7+..7........................;........4...4...4..........6.......6.....#.6.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 39 x 600, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2104
                                                                                                                                                                      Entropy (8bit):7.252780160030615
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:2PPEOtz2P/LJtVRaqBG8qFOPvHlcEXgkuwf+j:2PZFSjJDjqFOPPlXgG+j
                                                                                                                                                                      MD5:F6C596F505504044DF1E36BA5DA3F09B
                                                                                                                                                                      SHA1:BCF17EC408899B822492B47E307DE638CC792447
                                                                                                                                                                      SHA-256:EDBB86F160050FBF1F9860276802BAE292DBFD0BC98E3EA90D43D981E9F0C54A
                                                                                                                                                                      SHA-512:E8D067A1932CED8746FE7D665EEC34EA92A98AFF3DF26FFA9DD02742DDEA3C5654124A88A649FA33DB596F96A5FC9CB2C693D03132F1C8B254ACB56DB4763BD8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...'...X.......:....PLTE.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................{.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^..c.%i.F...m.m.f.m.m.m{&....X...9.....M.WUW.d.N.O...E$...$...)H....n....N.k..v.....v1L[w)w.}..!...Y.X.V.D.......[....;..[..;....
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.359756975811265
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:QhsdmzVBgXN1tNoOtE2JlZVMNXZpJ9Ns1pyWKrdMr3VwDFXg0QQaZV8g:esOBMN1XXE24XZ39NUBKRMFkDY8
                                                                                                                                                                      MD5:4E1BBFAB4D08386966F2639A105866D8
                                                                                                                                                                      SHA1:75A43EDB0BE46D05134DE6B0FC740065756ADAAF
                                                                                                                                                                      SHA-256:683E70401C9E0F5F7D8034450D1CC3448AD2D666B4635CDE84086CDE367D1B2C
                                                                                                                                                                      SHA-512:C7EFFC12C7CB1AB71B0B125C2A512912EDC0F00C08B9AE439866184B3F04BDF6014F98477D354E29A7DCD4E3BE52F5BDA1CDABD10781488C37EF881BB02FE901
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ............I.>....?..7....I.>....?..7.....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............wR!.....V...J.....N...^...................K.A.b.3............f........................................I.qk..B.....LZ.............wR!.....V...J..........wR!.....V...J.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):14177
                                                                                                                                                                      Entropy (8bit):5.705782002886174
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                                                      MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                                                      SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                                                      SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                                                      SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.355946686396353
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Us+ZdUhtZKfRrtutEYXL712XlO9k8s3tpyFrdMrp63C6FXNR/UEUz9vUJIiUPUEh:Us0oKfRrgEQQXk9x4oRMv6plcU6lTIQ
                                                                                                                                                                      MD5:58DDA69D1B0F868BB0A69339ED4E1B72
                                                                                                                                                                      SHA1:919B62A3A98FEC4A987605923A942BA45A780916
                                                                                                                                                                      SHA-256:173637D218490DD91D2E08E07ACA514E9B87CE03DD54CA6365AF1E4905B940DE
                                                                                                                                                                      SHA-512:6FE2808C500C71DCED388FF55567494A6EABC336A067540B566D44106064454AF32572EC231148F4776583158EF7B4C3D623313715B83316BF3B1B25528B96EE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ:.R.....:.R.....=.3&J,W.:.R.....=.3&J,W.:.R..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............S.'.%.....S..S-....N...^...............J...Z..M...l.5..........f........................................I.qk..B.....LZ............S.'.%.....S..S-........S.'.%.....S..S-.........:.R.....:.R.....:.R.........................................:.Rj....:.RT.]..:.R.....:.R..B..:.RH....:.R..B..:.R..>.):.R..J...................;........4...4...4.."..............:.R.:.R.:.R..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........:.R.....:.R....#:.R............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):36740
                                                                                                                                                                      Entropy (8bit):7.48266872907324
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:3nwDxjTvoE0Rjwit4rjucDILWg7/Da0JgGQ8e1S8SA/Khos0:SxjTmZw7nucDILj77a0JgGQvScb
                                                                                                                                                                      MD5:9C205C8D770516C5AA70D31B2CA00AF3
                                                                                                                                                                      SHA1:9A1002F0CF7F92F1BE2BB25BAD61CEBFAC282482
                                                                                                                                                                      SHA-256:E111F96490755C7D71E87C88ACAEA38AFE55BB865B1A14A83C5BD239648D5E2C
                                                                                                                                                                      SHA-512:A3E105208B32831265428572B0937DD3C17B793D8611B2DA8D4939F1BEC6050999D375E3F6B87D53AD49DFA0EAE737B0141D37597AA42116C310761973D4A134
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:44:07............................c.........................................................(.....................&...........n.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d................................................................................................................................................."...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..o...4.gP.~.c...K{...V.=...].<.........vS.........s....(.t......X......kk7....~-...yF}^c.Z.\.G./.?t...>....:.>......./.ib..).
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.4413734103505105
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:RsUmTyC31YJELBXD9t8oRMrhowlWy8+nN/SloJcL:RsUmTyC31FLBXD9t8oRMruwlWy8+nN/i
                                                                                                                                                                      MD5:9708C48E75212AA80C410C09D63FE8A3
                                                                                                                                                                      SHA1:76270B7DCA593FEB733843DBC8A68AA191A690B6
                                                                                                                                                                      SHA-256:2CD9884464F155B0664CA46FFCA230179FF995438FA06548CAC40C78285318F6
                                                                                                                                                                      SHA-512:C658934DDF923EE616B98B92AE7CE27E2B7A2976200F043A7212E39E3708563B340328BC0952C0A84B30DF41C19E688CD43781697CAFE5C442AEB2F203110DA8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......l...v...`...................................................................................................................................2...>...H.......v..........................................b....8X1.\A..I.......I.qk..B.....LZ...b....8X1.\A......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............G&.j.....l.......N...^...............6w.....B.%. ............f........................................I.qk..B.....LZ............G&.j.....l...........G&.j.....l...........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):53259
                                                                                                                                                                      Entropy (8bit):7.651662052139301
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                                                      MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                                                      SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                                                      SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                                                      SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.348848481770502
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:usJBYTCut6PXUptAEGEXDJICXAC3D91sMpyVrdMr9BCaFXy1hzD1n9:usgRgPXUpKEX1XlT91NoRM2aeP1n
                                                                                                                                                                      MD5:FCA9B09C836D87CFA474D9ACC44F3CC8
                                                                                                                                                                      SHA1:3861A073F6D2B6BAF5390375CBBB926EF5E06657
                                                                                                                                                                      SHA-256:5F4F87C34C1D2EAAA5F99B7B847CFC71A81A60F9877DE8EA2A6746A13DF7E44B
                                                                                                                                                                      SHA-512:D95A2391168BE6D04421E33EDFAC80295A0BD42861E816C1DEFDE06FD632BE23461D99268FCCBCD186FD1E6E60492C23176A9D50BFEF4EF8CC64E0DDD1E99388
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ..N.......N..#5.'l.......N..#5.'l.......N..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...................I.=...w..~....N...^...............T.-.MM.M.|.k..".........f........................................I.qk..B.....LZ..................I.=...w..~..............I.=...w..~...........N.......N.......N...........................................Nj......NT.]....N.......N..B....NH......N..B....N..>.)..N..J...................;........4...4...4.."................N...N...N..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4...........N.......N....#..N............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):60924
                                                                                                                                                                      Entropy (8bit):7.758472758205366
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:kU7O7+CFqO6DkxTgPzo2wqggrrX8QvN1I/ZLBttB9+dPFXbc:hVuqJDaTqo2wq1L84N1I/Z1tT9X
                                                                                                                                                                      MD5:D58C51D2CF586A5E14A9EC8529C3B0A8
                                                                                                                                                                      SHA1:F4811A353797C29B1E3F5A61B125C46E1534D587
                                                                                                                                                                      SHA-256:F927C7825851974A2149868146970706523A49165133CEE6027A43E8C9ABDF27
                                                                                                                                                                      SHA-512:34B963173AFBDF07432F4B983D29F10376E4771FE666E9D50B1A81DA0B9F6001FD86B4A08B9711386DE153BF6E03C8E932E2D181C8EAF94EFF34D20FCA7570E0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d................................................................................................!1AQ.aq....".....2B...Rbr#.s.4...3$.5u.6v..CSc...DT..f..t..&F........................!1..A.Qaq....."2....B.s....Rbr..#4...35...CSc.$...DTdt..%..............?....O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.........................................................yK..xd...6..|%....\j..e.=...Y..f..I.|-....e...$R.j.......~.W#....{.....V.k.|F..z^..:.~..f......"x.....L..K..r../.;..[..l...;.U...W...X.........8.....y?..B...m.......j..Q.g3..G.K....GL.o..n7a..Y..[.'.........x........\......~...f...0\Wc.n?k.|.....1.ww;..2..?...r4uF.MXdB6..W..mG2NJ.E........u...2.q...Z..=(l)jU.X...U.\X.......O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.......................................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.307183728711538
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:8sL7OX9H2kLtYpOEJtNIXwKM9HdsUpyFrdMrjq2FXSQ9A2l5:8sfk2kLPEqXwT9HdVwRMW2T
                                                                                                                                                                      MD5:A9A728D332A2E3DDEFAC024911B19076
                                                                                                                                                                      SHA1:A5526E989D5E10510D8CDB03CC0446B73144FCC0
                                                                                                                                                                      SHA-256:A0F37D2A065E5A98897A691FB907F6DA69D2BBFD72F27177469677AB0873B943
                                                                                                                                                                      SHA-512:0FB426609D49B71C09364B0646CEE0E4BAD4A30125D0375E50FB76084289A91781EEE3AD69F5C3A0CDF6BB8EDCBE787A1DC8725E3D6D58FB9677A084C7368E61
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ^2 .....^2 je...2....H.^2 je...2....H.^2 ..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............<..7..%.7.........N...^...............U-L.N..J.....vR.........f........................................I.qk..B.....LZ.............<..7..%.7..............<..7..%.7..............^2 .....^2 .....^2 .........................................^2 j....^2 T.]..^2 .....^2 ..B..^2 H....^2 ..B..^2 ..>.)^2 ..J...................;........4...4...4.."..............^2 .^2 .^2 ..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........^2 .....^2 ....#^2 ............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 39 x 579, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):515
                                                                                                                                                                      Entropy (8bit):6.740133870626016
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:6v/7su2/c30mqkg9VgFHe7Ll8UmJX/N+1Zmkk8f3lbtI4:4mc38gFHe18lkk8f3lbth
                                                                                                                                                                      MD5:E96BE30D892A5412CF262FEE652921CA
                                                                                                                                                                      SHA1:8190A0BFE21D04BC6F3A406E91B87CA69C03A2DE
                                                                                                                                                                      SHA-256:0E31DA4DFCFF4A36C64C1CE940362D2309769F36369E4C43C317D5F2FA15658E
                                                                                                                                                                      SHA-512:D647F51ABBD013226A6ADD0D551D058C633F867F9AF5A9E099B85D6E291D220F7B85958B07381CD4C7C4F72356DBAFE2A86932AE398E28C56CDDF0744E92EE24
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...'...C........b...`PLTE..................................................................................................bKGD....H....cmPPJCmp0712....H.s....9IDATx^..I..@.C..<..?mo.#C((.J}...~..B...b.I.i.\<.e.....(p.I.EO...q.x.......dRz....K..b0.:.<c.o..0.x\:...F....I&..ap....."P@....DO...q)p*..@Y.CL2)=......1.........4....._.G..^`..lDO...q...X....SL..z....K..#.L#..I6..ap.Ls.,....7&..ap.p..lI...,GO...q.....k.n1..4......3=.f.x.$..4.....o....x.$+..0.x\.,&6...............IEND.B`.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.379824958442247
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:mstrmOWiwwNMtgECEPA8K1XN9dsiXpy7BrdMrlIyt7FXONOYHE0g:msttwwNMCPEP6XN9dBARMuyt76lE0
                                                                                                                                                                      MD5:6311F8DF4AA4716B41E986C27C754876
                                                                                                                                                                      SHA1:03252084F808B58FEEC3D71ECB6CA06929C8304E
                                                                                                                                                                      SHA-256:854B70F113DBDF1718BAEE370A5589590DBB1DD42FCA00CA68AC94BD54070161
                                                                                                                                                                      SHA-512:2F78D67422AAE80F8F9B58FF11F339F0EAD5094A952A9BCB66F9E0B7EB5CCE6042C51CB17481B2CA2B9A8C925676D4167D4F9F8D97A8B2C31125400139A3C802
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZ.j.......j.TS.b.-.....j.TS.b.-.....j...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............}....:i..........N...^................Q}.\.J.....9d.........f........................................I.qk..B.....LZ..............}....:i................}....:i................j.......j.......j...........................................j.j.....j.T.]...j.......j..B...j.H.....j...B...j...>.).j...J...................;........4...4...4.."...............j...j...j...z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........j.......j.....#.j.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 30 x 700, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1547
                                                                                                                                                                      Entropy (8bit):6.4194805172468286
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:dZeDNYbS+238CTUFPA6SXG5qSacX9q73eXu0vC3dU+OB2gbwHRuZ:dykp9FzBBacXQ3uNC3n7xuZ
                                                                                                                                                                      MD5:0BA36A74DFBF411FAB348404CCEC3348
                                                                                                                                                                      SHA1:4C619790E517416E178161028987DF1CD3B871CC
                                                                                                                                                                      SHA-256:2E7AAF26BEC32148B96442E8FFF1BD2CEF2D72630969F23B9A2ABEDB6CFEC93B
                                                                                                                                                                      SHA-512:90AF53DB7C413E2ADB970AC345F73E4ED8AF626E179C929E6560118F7A9E98DC7C5FF02B2B3F6C98D397E0FE2D85F3427C6928C328872149E176FA8A99E91F54
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...............\....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................D......bKGD....H....cmPPJCmp0712....H.s.....IDATx^.WSTA........b.0gPPP0..E.9b@L(.c.N.U>..@......;...}..B.(....$......5..XS...I....).!....D^.uE...\..5........F."o..-...m.n. .^.....q= .
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.326459140806188
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:GsB2lXT7yOjzt1RE05MjOXge9ZUbpyxrdMrTSFXFim5fkJh9mJlHnF:GsQ9jzJEIXge9qbURMOIIl
                                                                                                                                                                      MD5:FECA511F09BA969A9B017C51FB7FED13
                                                                                                                                                                      SHA1:A9362CC843B6F86399554888F34CBF13F76EB6E3
                                                                                                                                                                      SHA-256:91049D7B34FFA9B3B2AB7F5B3499F18C672F6A7AFA260AA8A29B0ADA018866FF
                                                                                                                                                                      SHA-512:63A8AB8187E13D7F625C1B1B4CDA3AD6C955C5599AC849160BB77100FB97C8E577DCBE667592B7EC12048597CCA9706C26704E1D3828BC7286B5A4F8A5835F04
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ!.g.....!.g}.......>...!.g}.......>...!.g..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............Z...........S@N....N...^..................&...B.{.;lIm.........f........................................I.qk..B.....LZ............Z...........S@N........Z...........S@N.........!.g.....!.g.....!.g.........................................!.gj....!.gT.]..!.g.....!.g..B..!.gH....!.g..B..!.g..>.)!.g..J...................;........4...4...4.."..............!.g.!.g.!.g..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........!.g.....!.g....#!.g............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):95763
                                                                                                                                                                      Entropy (8bit):7.931689087616878
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:EoES7mhTyzabUaE77xAOmq0zVruQlttNxlipxVWssMU2YhRy2v6pKKYhQzwMc2:zz7mhTyzabUa4b4xuQlttnlGx8x9h02M
                                                                                                                                                                      MD5:177DD42CA99CAA2CCBF2974221680334
                                                                                                                                                                      SHA1:35FD86B3DD082A6D4930C67BC0E05D3B5817465A
                                                                                                                                                                      SHA-256:525A857D0EDA855A64D3619DF58B1C2D013A73E60FA0D49B155ECFCB2C134C7C
                                                                                                                                                                      SHA-512:6FB6D9A6C97B1115C3246690A2F339CD612899AC25ACBA00296EAEAA0A1D094E7339D670969764FE23EB7C08FCDD01C6F78FBC0735D504D5E02AD342901719B3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!..1AQa...q......."...2..B#Rb3..r$...6..C4....Ss%5...tu.c..Dd.EU7....................!.1.AQ..aq......"r..2...4Rb#3$B.Ss............?..H..dV....U..-..0]Cp.%O.Z.Y.e.=/.q.....j76.w@s...5.&&&5...n..w..>.1....;.vR..[.......=.......KtY]u3.g18...).r....&.IZ'.....g..4kY..X..b.......y<...r1........e.._...X...w....op.m%Jr31...S.Vo.._....OI\]....F..V-....\...2j..X.....y.p.$4.....&#..]..n.V..x..P...F..C.f....])..~..Z\.....,..#..v..v...2V.k.SuaydO../[.*c._..oTV<Z.s.[...o.x..>....-....v...#....-.X..L.Z./#.XG.-.0......%w..H.@aZ....C.}...N~.;..R......5.D......I.... .R........s.>..ks....(...S...9....2=. :^.. p.+?(....$..Q..I.........=|..`2. v..t......U*.8.u.. ...'...*...2;u....& 3..$.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.332216241410213
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:zKbspenD+RtpzEEyLgr3X0a7v9lUwpy9rdMrts5zFXqxXXoay3F0jXoimhm:zKbsi+R0Ey07XH92wARMSAsa
                                                                                                                                                                      MD5:0ADA4C352C1C57CB359831D054F6B9E4
                                                                                                                                                                      SHA1:31392121DB5CEB88FB4737EB5F2500E16AEA5737
                                                                                                                                                                      SHA-256:2FD56CE7C9755DD25375BC5E4F509D598A167F504538CBD8F31DA76A5B55B26E
                                                                                                                                                                      SHA-512:D537016ADBE92DDE9A479F17177FC86AEABDC038DC1A58C0557BEDD3728BA1D7EDD0CDC543047877726C93C55CA1A284D9CA620DD5DDDE2CE0001D87C7D8DAF4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.e......eA.J....v.[.|..eA.J....v.[.|..e..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............P..5.;.=.~m.[......N...^................=.....J.'q...[.........f........................................I.qk..B.....LZ............P..5.;.=.~m.[..........P..5.;.=.~m.[............e......e......e..........................................ej.....eT.]...e......e..B...eH.....e..B...e..>.).e..J...................;........4...4...4.."...............e..e..e..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........e......e....#.e............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):67991
                                                                                                                                                                      Entropy (8bit):7.870481231782746
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:3PC0XJjsmsKuZRG1pXuZ6z3wARnV9AEnieCc7cllJcHJ:qyMBzkUZ0gq25c7Z
                                                                                                                                                                      MD5:1271B1905D18A40D79A5B9DB27EE97EA
                                                                                                                                                                      SHA1:9618608FBD7342DE6C71220A36C3F4995BA9C13E
                                                                                                                                                                      SHA-256:5B321A4D81BD499B289B1755F6450A42047C494DFBC112DBD56DA4CED2C15C1A
                                                                                                                                                                      SHA-512:C32DD26047F6B8AA061085B38AC2B8335868E1BFD8731DB65544309223A955FA4BF45B06AC8D244408658F51A1775B6F19FF0FFC804989DE706DE8EB36F1436F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1..AQa..q..".........2...BR#b.r.3...$.'...)..C%7gw..(.S.W89.......................!1.A.Qa.q".....2...#....B.t......rc.$%67Rb3s&'CUu.v....S.d5.V4T.e.............?...?..Wj.e.e.......w/..E..eOw_.....6......u..C6h.,..;.g.D8Z..-)O..jy..e;.u.g..w..[.L""k'w.......'1'.[......=..P...S.9a.V./O....q=8xk]...........9......F...e9'....9.O.... .&.....p......c.4...mr...?.......L..'.....0....+..|_...POM=7.?.2.a....};.Z..y./....>./.C.<...;.....|.1>...........S.8.o.O...+..n2...k../.X..9...Y...:.....\...Dk......q.K..\.Wuh.!Z?.mu...R.5.A.S.h.0..[..v..+M.....aUi*.k..?#..._...X..R.&]..[..;../]L..f..V......*.e...ut&.#.J.5....c%..o.$..v.<K.6..T.IP.....6X.*.uf..t0^..-.)m$.!.q(.j.f;..WB6.b.B..R.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.353586914263918
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:Esx5X2J8sEdJXyX3dVO692/ERM7E97EW2y3:Esx5mJOdJXyX3dVt9cERM70EW2W
                                                                                                                                                                      MD5:5E9EC262A82BB7C84B4B2F5F14700CFC
                                                                                                                                                                      SHA1:96CBC68E87CF4B92FC5D55F254844FCCB69E2818
                                                                                                                                                                      SHA-256:F91D2BDE31AAE32C9BB320BD082D394C17BEA61ADADC6443E8A45529E884AE61
                                                                                                                                                                      SHA-512:EA1147DFEA1EB39DDB58E9E7C60A56438EDF2D6354CD009B0D9F229DB8C0B60386DA86977D80ED3285B21E4998EF78A6F3015600658EEE22B17E9976CD5113D9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......R...v...F...................................................................................................................................2...>...........v...z............................I.......I.qk..B.....LZ.......J........Q>.J........Q>...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............3...7..x.=.K......N...^...............=Q...H...I.a=.........f........................................I.qk..B.....LZ..............3...7..x.=.K............3...7..x.=.K..................................................................j.....T.]...........B...H.......B.....>.)...J...................;........4...4...4..".....................z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4....................#.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):22203
                                                                                                                                                                      Entropy (8bit):6.977175130747846
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                                                                                                                                      MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                                                                                                                                      SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                                                                                                                                      SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                                                                                                                                      SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.3954103745881445
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:iOsrwAAfxxV77bcMtm2zPE15LLiiXShi9BUhpydrdMruUCYBFXB51Msk2x+E4yXk:iOsrU77bcMrEDxXj9Ch4RM/Ig
                                                                                                                                                                      MD5:4CB9B3444F319B5587A85D02AA970553
                                                                                                                                                                      SHA1:EB1A3FA738C951572CB623DB0DB9D20CB87FF766
                                                                                                                                                                      SHA-256:0D216809AFD9DC49C6388153416F9CB8FB30C1547DBB2E0ED4D7DAB2A3373B7D
                                                                                                                                                                      SHA-512:63A6D5F6647C21F0A11B84F7C21D9B9A7A036C0583F66350D01CE95C3458E9951769F3B1463D4ADE5937D5A4176E112F115B6883EF48952664A82F39B7F22FB8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......l...v...`...................................................................................................................................2...>...H.......v................................I.......I.qk..B.....LZ.............d ...^?w4......d ...^?w4......I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'................}\Z.....F]......N...^.................s...O...=..MH........f........................................I.qk..B.....LZ...............}\Z.....F].............}\Z.....F]..........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):15740
                                                                                                                                                                      Entropy (8bit):6.0674556182683945
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                                                                                                                                      MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                                                                                                                                      SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                                                                                                                                      SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                                                                                                                                      SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.311622932222723
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:6s0aHZzqZ+2aEjPXXQ7VE9KUoRMEkJ767WaHwxc:6s0a1qYOjPXXiy93oRM78WaQ
                                                                                                                                                                      MD5:B3365EAE8BB3BD2D15E1553FB3DA1580
                                                                                                                                                                      SHA1:010B69BFB09CBD7A6CCFD94AF69C25256637E160
                                                                                                                                                                      SHA-256:703F54E9DC8679CC348FD5443DF641F77ED864D55921718A0CA51D5F778CE699
                                                                                                                                                                      SHA-512:38ED2EC11E48F8E8F793F6E0CB27BE0F37FA04C2CF445C40355E3ABC906E210337FE8C87EF06E4E19788BF4A6311FC0249999432DEEEEC39C5A08C2466A8A9CC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZrRZ.....rRZi.74.-.$u|.j.rRZi.74.-.$u|.j.rRZ..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............wb......O.7.5<.....N...^...............R...&5.@.#..Il.?........f........................................I.qk..B.....LZ............wb......O.7.5<.........wb......O.7.5<..........rRZ.....rRZ.....rRZ.........................................rRZj....rRZT.]..rRZ.....rRZ..B..rRZH....rRZ..B..rRZ..>.)rRZ..J...................;........4...4...4.."..............rRZ.rRZ.rRZ..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........rRZ.....rRZ....#rRZ............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):86187
                                                                                                                                                                      Entropy (8bit):7.951356272886186
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:AbmHwD7za0syWMetp3TdPFzoJamVdAQZCiUit9qbYN6LerhWMzIWgN1EeaYhJM:1QnzsyTeP3TPAdAQZCi5qbYEKrhWWMNO
                                                                                                                                                                      MD5:FEE4785DF76E93A9DC2F4501CBAEAE12
                                                                                                                                                                      SHA1:8FB4527BDE05EF208FCDB168098A07707C27501F
                                                                                                                                                                      SHA-256:F091DED5E283AF6848670A3172E7C43C6099875D39B3FC69C2BDBA914F609602
                                                                                                                                                                      SHA-512:7E99D33151A0D3873D6A819C98EA8E62D928C087B7BA2080F11C7BCF746AD60A44D4FF6EE3D2D2E8DFA4BF1FC6285ED56BB83F91C2FC6FC4FDFF2000105F10B1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................1.!Aq...Qa."...2..BR#...br......6v.7..3.CSc...$4.s..&dt%u.f.......................!1.AQ..aq........"2.B#....Rb3..t.5u.67.8.r..$....C4.cs.Sd%.DEUe&.............?............w.....c.....i.A.....3...7.......7..P......%.........?Th..l./?.;.....$}..=5Oa...F.c.A/...D.D..]..y..3e.5\%.fo2.X.*]q.5Ee.}..i..md.T....#...-...Mu...9...-+..~w5O.);..G..'.;..).....A_...M.vV..y.q......,<.3.(...._K:..XM.......w.......9..T.......?b..a-%.c;.}..>....|.,lZKCEB.t...fw|.Sw^..Y..:.J.................t._P..v..j.1.R8.R....G..W*H<(Xi........i..xcu...WM.dqM>'W..g....M.q.....+.....b'..~....>..T.~Jc....fj.X.x..9...N.w.6:..>.......&.(h..u...t._...)_k#7Za...cZ....P...Y..;.V.,..xo.....f........Y...\6...M'L._
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.657781693851125
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:eGWPsFmoi6t9o9EdzbULSBhr1Xke0sa9IOUcpyFrdMryxsuFXIR8DRVj:ws9i6jMEtUcJ1Xn0v9mc4RMGDywF
                                                                                                                                                                      MD5:B211DA043035ADD6B14BA0BD649C1CC3
                                                                                                                                                                      SHA1:1C08BE44B9666DF611348658C7DF5E71444CBEBA
                                                                                                                                                                      SHA-256:C0A06B16869C582EBC47966C52A82C9A55CB31A5ADEC13C67A7ED56BD6C94E6B
                                                                                                                                                                      SHA-512:E8290452B5735E495AF23376BFA87059E16E9D7CFBEDF1F1C393C454250BDCCBD498B0470D5133BC0B3041BD09770388E7D88BF220A3015FEA4F7FD5972D41C0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v.......................................................................................................................................2...>...t.......v................................I.......I.qk..B.....LZ.M.......M....2.>...{H..M....2.>...{H..M...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............E...z..3T.........N...^................c.....J.1<z.M.<........f...................................H....I.qk..B.....LZ.............E...z..3T..............E...z..3T...............M.......M.......M...........................................M.j.....M.T.]...M.......M...B...M.H.....M...B...M...>.).M...J...................;........4...4...4.."...............M...M...M...z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........M.......M.....#.M.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 85 x 470, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):11197
                                                                                                                                                                      Entropy (8bit):7.975073010774664
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:p9wNdtRKcVHso6zsqm06xaqZdingVzLZ7/PGSIz/yycRTbChh/JzhbEx15RGb:mdtMcVHqgAqTinMzLZ7/uSIz/yTR/mhF
                                                                                                                                                                      MD5:DDC3CC30794277500EFE4BC6667EC123
                                                                                                                                                                      SHA1:EFC9642C1F95B5FC38764476AE481649C016FA0C
                                                                                                                                                                      SHA-256:7F5B660A1A0BF46C75AAF19B4F77A0E086DE003EC03AFC1F58D871D55AA5BA9E
                                                                                                                                                                      SHA-512:25232A84604C3959634D33090238FEC8D51E40AD84EB3A08BB8522A81BE1E83378649C014E98E1DFCDF46B7BFAC92D8D2429211CD11D7EE0334C9C3DF7C1B6A6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...U.........1x5.....PLTE....................................e........................................................s...............x..........................o..............................................................................................................................................................~.............................m...............................................j...............................................p.......z......................................................x..............|........................................v.......................y..........................................................h...........................................................................P..{....bKGD....H....cmPPJCmp0712....H.s...(SIDATx^.}i@S..N....h...!..)....AI%..p.L."a..)..`U..,h..:O.b.:.j+.Z).b..zN.s..{O...&|..N}...${....~.....k}.[k}{.o^.D_..W:35ly..7rL....6n0.A...b
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.328718548151713
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:odzsAdX3KHdttMElLQgXn9NUApylrdMrydLFXUtGZqkO:Osqad8EltXn9OAwRMiLvq
                                                                                                                                                                      MD5:F58B09AC281C20A7B3B3FD9B9CD9A77C
                                                                                                                                                                      SHA1:03272A5A3A69E31A5F79D5E75E68CBADD8B600EF
                                                                                                                                                                      SHA-256:0F687F9D42E771329FBF9F3C15035EB6C389867271FEB68C4139009EE5E4B316
                                                                                                                                                                      SHA-512:125D3B2A4D13186BB12E7C633CCE82765AEF17ED7ACB8373C31E8840477C2A32AF37D2FD7D418F9313908C4417ABFBACD6A888D8BC412D3AF274B19E8A94E0A3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ.t.......t...@.?..`R..~.t...@.?..`R..~.t...I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............a.Iga:..?.".\.....N...^................7J.Iz-F...Z.A.........f........................................I.qk..B.....LZ............a.Iga:..?.".\.........a.Iga:..?.".\...........t.......t.......t...........................................t.j.....t.T.]...t.......t...B...t.H.....t...B...t...>.).t...J...................;........4...4...4.."...............t...t...t...z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4..........t.......t.....#.t.............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 88 x 574, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):19920
                                                                                                                                                                      Entropy (8bit):7.987696084459766
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:DRSgtAxJx7bzvAsVSqQElOT4uHmpmvNYT9aPU+QtsC2LgfIqJZnbeyRB:DsgaN7bzvAsVdK4uGQFUZ6bU/p3
                                                                                                                                                                      MD5:1BDAD9B3B6DE549162F9567697389E1C
                                                                                                                                                                      SHA1:5D9C09159F07A3A9BDCC6C4B9BD9CB72D0184E6F
                                                                                                                                                                      SHA-256:0908A4CFA23F93011176D47F45843E9CA2973030421996E8E27484781F54B0EC
                                                                                                                                                                      SHA-512:475040779AC247BB5C3E11862FB55FBDDFA12D759EE86A33E11BC1F3B656D6CD0F9B25146C0113E43E1D8001D8867D3BC3BF7E6FE21F3A0016CB1F8B70B7A15A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...X...>......y=h....PLTE..................................t........iw..............................................._n|...Tds...ky......................................................p~.....................................................dr.................v.............................................n{.......ap}..........x.....z...................u......................|..Vfu............r.....w........................................~...................Zjx...................................Yiw............w..|....................Xgv{.....y...........................jx..............\lz.........}..z.....t..[ky........u..y.....gu................................{..........}.....u....................~...........y....r.....bKGD....H....cmPPJCmp0712....H.s...JfIDATx^...\.W./.}....Sy...(..4....D.-.....H...% .$"D.Qr.......`..;...6...N......s...^...L.....Y{.GQU`..~...j....{...-Ax.K..&.....F..I\i..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                      Entropy (8bit):2.9158498667203343
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:yWslr+WdT6XytFcyE1L/9NVSL6MhwXXybb9psPpyNrdMrHX/E6FXfpzAdjEydQpI:yWs76XyjE1BN0fMXsb9pioRMH86Q
                                                                                                                                                                      MD5:53ACFDD35CB75C593928204994D3050D
                                                                                                                                                                      SHA1:2FF5B17B9C7094272BEA1E79DD494E9DD0220CF2
                                                                                                                                                                      SHA-256:E6CD5CCBA09A8160A77A8CE2A0A932D6C62A81C9EEC1C35CCB846F7C96CFD56D
                                                                                                                                                                      SHA-512:ACFD5CD17F34D6E4AA38E6EACC3B365C52D565DD70C95AE20A08D66335C599C13D5B8539D7C039E2CADACF82CDF006C90AE5B57FDF4275C73E6CD651D423F61B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v.......................................................................................................................................2...>.......H...v................................I.......I.qk..B.....LZI{].....I{].@A..:@......I{].@A..:@......I{]..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'........................|........N...^...............vA.-..O....L..v........f........................................I.qk..B.....LZ.......................|.......................|.............I{].....I{].....I{].........................................I{]j....I{]T.]..I{].....I{]..B..I{]H....I{]..B..I{]..>.)I{]..J...................;........4...4...4.."..............I{].I{].I{]..z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........I{].....I{]....#I{]............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):179460
                                                                                                                                                                      Entropy (8bit):7.979020171518325
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:oiKXvL7lv0am/R1vrdH+9dK6zPQ6bbnGDpcGGDNMIOIMAT8q9Vc02Q57S4A+vMFz:+vlvC/HvgA6fGqGGJlO1qZ71W6CzDn
                                                                                                                                                                      MD5:4E131DBFEC5C2462273CA7B35675B9D9
                                                                                                                                                                      SHA1:CA037F444D819A118AC37D7AA3782B9BF94C1616
                                                                                                                                                                      SHA-256:2A4A3530D652E227DDD5ADC096A95F6034718F7C380B07DB622022D768815059
                                                                                                                                                                      SHA-512:C333ECEB1439D0238BF44FB7896E62DBA4C645B70413AA0F99C1F10E8DCD20C2EEE5C83F2E9DDE9A2494C85A6D8D13CFFFC4160E2F598E17867015F5244D656A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1AQ.aq...".....2Rr..Bb..#34.....CSs.$5c.t....%.Dd.6.T..u.U....E.7w........................!.1A.Qaq......2."r.3....BRb.#4......CsSc...$.5..%.DT.t67d..Uu...'............?..c.......p..z..i.....z......kj........F>f......3N...M....RM.&..-.~.Q..'.....q.a..w...-~......g.{..&.......V.n.D....>FS!n.....@..)...W..q..Wr{..J.gf.{.M$.P@m.,..9..&m.D...w.._...-.O........s.....h.k~......(.K...V..l.-...+.9.k......*......#.p#.O..9M..mF...C.......7+.AI....4vw.;..H......e..Q.u[.eUK.....z.....[.Kt...s..Lf.4..l{.....sh.............=..;..iqkj.m.a...NH......v..H..$..q.y......c...U[Mcf.......+...S-...^....4..T..YtL.x.v.;.....<...Ik|B.$.s8......3.+.8.l.. h.:....%B..W..I.QRS..,*x.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.339599604096336
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Cs7NGczf4QOtcyHyE40eXt9tsQpy1rdMrHNZFXuy4SZuuUtD4Z3Vmg:Cs7rf4QOxSEmXt9thQRMtZPUWw
                                                                                                                                                                      MD5:B17EA433BECA84FAAA16B6DB60A50B50
                                                                                                                                                                      SHA1:B16C573EFC829A3EBF41EA9026489C6867B21288
                                                                                                                                                                      SHA-256:3C4A161303F1A50824E3A0387DB37C23AB78676EDFCDD4B178DEC8ABBC9697C5
                                                                                                                                                                      SHA-512:A375EA6495D0F0A2BBE933098EE0AFCB0DBBD79A2FB5EAC5B34F5838775C96E7748210373ABD6D4F1724851FA9CDD4BFF279964A48AFF13E0E79C7573BB205BA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......T...v...H...................................................................................................................................2...>...0.......v...|............................I.......I.qk..B.....LZy.......y..P......Xg....y..P......Xg....y....I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............y..d...m..x/......N...^.................5. K.A...IV.9.........f........................................I.qk..B.....LZ..............y..d...m..x/............y..d...m..x/...........y.......y.......y...........................................y..j....y..T.]..y.......y...B..y..H....y....B..y....>.)y....J...................;........4...4...4.."..............y...y...y....z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4.........y.......y......#y..............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):109698
                                                                                                                                                                      Entropy (8bit):7.954100577911302
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:rDlmvIWr0aRtNCfShCWBxyCHMlcVG0Ezy4FR:rDliIfot8ahCWBcCHDVwR
                                                                                                                                                                      MD5:8D804A60E86627383BED6280ED62F1CF
                                                                                                                                                                      SHA1:E23FF14B10AD0762DD67FBA3CD6EFC85647C0384
                                                                                                                                                                      SHA-256:494547E566FB7A63DD429EB0699FE41AA8998F8EA2F758D813FE3D56C3075719
                                                                                                                                                                      SHA-512:0FB19F3D00159F2748C3A54E952E551B9FEA6910D67A54DECA8D099992E50383EADB92768FF1F75CFFAE82A7A157B1E0F77A2F0BE7EC64FD2324304FDCA46577
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...............................................................................................!"#.123..AQB$..aq.RCS...b..c4%..rs..D&....5E6'..TdUte...u.....FV...7.......................!"..1A2B..QaqR.#.br3.........C%...$5.....c4U..Eeu&SsD.6T..................?.....O.C.....^..R<A.g...[....3.....r.0.....nX.S....}...[.?Z.....A.?..~~I..rY|N.o...9......!...o7r../-.y...'5.3.U.s".-.0.1......SS...&.Q.j.*.$m.e..:x....`}...EP.?.7..~G(so.......O.....z.N..<....~^a.e...........p9.?<._..|......~.<@.D.9..G..?.?z.y?z.C.U.w..[.,..A.+........s......g...G.^....pz.xY.....d8.y.X...P..O(A.O..~:._.......<...o..4s..^.^b..x......_a.....|{c...:..X.....}.._...[?..NK.c...}.<......H.G....+x.Z..|....n...o....`.nk.#.%x......-|...|7......N!=././..w.8x.".8....'x........w...,>....j[w8a..}..lS..?.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):4.350578314180488
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:isJmwCcwQTEOXnD9FfdYRM7D9tvFJFtG8F+/Kl:is8wCccOXD9FfdYRM7BxL
                                                                                                                                                                      MD5:E08D08F9E58AE4AE288DEB462365CADC
                                                                                                                                                                      SHA1:517DF651E48E67311B48B0FE104F21AC0E2B8229
                                                                                                                                                                      SHA-256:92E6ECF791812AB80A2697D8C92ABFADD9B118655AE05090B1A18130986856CE
                                                                                                                                                                      SHA-512:3A8DD3C8D7DC2A71E7537554EEBA5B2D6B29D9F17453B5597CD8B7379CDFEFCF9910157F0C289405076E58B5FEF566689ACB1AEEFDCD8CD1100DEFB7ACFF1770
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>.......N...v...B...................................................................................................................................2...>...*.......v...v............................I.......I.qk..B.....LZ...........}......;{.......}......;{.........I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'..............{..J.=..._...Q.....N...^..................<`..K.y..=..........f........................................I.qk..B.....LZ.............{..J.=..._...Q..........{..J.=..._...Q.........................................................................j.......T.]...............B.....H.........B.......>.).....J...................;........4...4...4.."...........................z...y.. x.. ...........$........4...,..7,..7........................;........4...4...4........................#...............................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):41893
                                                                                                                                                                      Entropy (8bit):7.52654558351485
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                                                      MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                                                      SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                                                      SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                                                      SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):3.3606262357756664
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:P1WZ80M0wBW4xmV48j08DbPUErl7xMOS/bgMkw:aUX7YLA8Db8EJSDI
                                                                                                                                                                      MD5:F39D671B70F98D4CB0D57F61E99F6994
                                                                                                                                                                      SHA1:9878D1EF4BC477A118E5260835B6BBC1CF5F657C
                                                                                                                                                                      SHA-256:AD5BC818CA93EFDB04D57F3E42F13A603E23E9BA52B6FC30115E02368BE82C02
                                                                                                                                                                      SHA-512:877F64B2B3B3FE67249F86DA9EFEFE9C09F2916164E0F1FF713B9D9F0208144CDDD0FAC76A3B1CEE57C18079563638CF737A416F9BAC0CC0AE664D9462DF26F1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:........0.......................................................?...............................................................................................h.......................................^.......^....._C..r.U..a..V.......V.=......i....od...=..7......od..r%S..uM.....g.vr%S...V.=......i...s..V..........?.......?...................................................^..T&d..?....w..?..X....?....4..?.......?....$..C..T(P...s.T.9................4..(.....x.(.....?.......?..sUP..:/,..M4..s.......s.5=.9O..+.X&5.2.......v.......4...............^.....V.?...od........................s........V..c..,0...e...B4.$........[.-...I.......9......................^....._C..r.U..a^...C...C.G..8..C..C....s.5=.9O..+.X&5..s......>...............r%S..uM.....g.v..V.=......i...s................od......od...=..7.......s.......s.5=.9O..+.X&5......^.......od...c..,0...e...B4.$..............E........................................0...........e....4..................T.o. .D.o. .L.i.s.t........s.)..O@
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                      Entropy (8bit):3.9178265545987094
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:BseXPTdSwniX0kTH6tRzdfFXvtxmZPR95HDRkrhLr:Wk8BaRzSV7
                                                                                                                                                                      MD5:AB377F369C5D63C41BA1D09E70DBE191
                                                                                                                                                                      SHA1:B2F4173AFB1376115319397CD85E002B857EB9FA
                                                                                                                                                                      SHA-256:E4129302186782844A67432FC6F6292008F52A55B41388ABFA2BDE0F0EDF00D1
                                                                                                                                                                      SHA-512:D3508F26140C81F82DF177416B4153D814B02FD4EED0C83A597BBDC0D03FDA90F41DBB410697B41CA836D834C68F1BBF41B78348A06924DA5C88DDCA307DDEB4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v.......X .. "..2...>...d...<...v.......@....!...........................................................................................................................................I.......I.qk..B.....LZ.~p.;....~pB.C3.+..^...I.~pB.C3.+..^...I.~p..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'...............Vy.F..;.v\.>.P....N...^..................#~..O...S!{..........h...L...............................D....I.qk..B.....LZ..............Vy.F..;.v\.>.P..................................~p......~p......~p..........................................~pj.....~pT&n...~p......~p......~pH.....~p..K...~p......~p$.........~p-.~pJ.~p..z...y.. x.. ...........$........2..72..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.5............(.~p#.~p8.~p..z...,4. .......$>........4...4.@..7.....................D..n4..o4..p4...4. .F
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):68633
                                                                                                                                                                      Entropy (8bit):7.709776384921022
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                                                                                                                                      MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                                                                                                                                      SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                                                                                                                                      SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                                                                                                                                      SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                      Entropy (8bit):4.065496060918962
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:1bA4iTfNyOJSEOfW76BCv3VJ/23JejO9+q23ofF8J7mX5w7uyQ3TRJe/VDkMz8Ha:xA7RJ/kJF8J743RJ+X/zvc//3OCZ34R
                                                                                                                                                                      MD5:E0D996C75FE076CD0B66E6669075C85F
                                                                                                                                                                      SHA1:E7992ACA0772CA43598FE948FFCFD423B93E80BC
                                                                                                                                                                      SHA-256:473D99E35322FDF90FB63C3D9D0527FCA9BD68270976AF26728A86B787E64A17
                                                                                                                                                                      SHA-512:12B757B25CB282839416B0E3F61EDE430E19FDB6DA7035D75FB5B2B8FA61BF26A6112C09F07AEE6CA498C1500C5DFB0CCF3CDA56C6C7EDF3E6F4378E0AB1102D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:N...>.......L...d... .... ...9..N...>...........d...h...@...@;..............................................................................................................................................b......W....1V.J.}.y'@......'@.L..r.*FC...C.'@.L..r.*FC...C.'@.....W....1V.J.}.y.....I.qk..B.....LZ.I..........................................................................j.......T.7.......~.............H...................&...........'...2.....z...,4. ...."......$>........4..`..7......L.o.w. .P.r.i.o.r.i.t.y.........................:.........z...y.. x.. ...........$........2..72..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.2.3...........'@...z... ..$........................................2..7.........1.h...?.......?...?....rA\.-?>...o.u.t.l.i.n.e.L.o.c.I.D...o.u.t.l.i.n.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.4........?ff.A......'...%.........z...,4. .......$>........4.@.4..`..7.....................D..n4..o4..p4...4. ..1..........*...........%...#...'...&...9.......
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):59832
                                                                                                                                                                      Entropy (8bit):7.308211468398169
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                                                                                                                                      MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                                                                                                                                      SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                                                                                                                                      SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                                                                                                                                      SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                      Entropy (8bit):3.227960519676378
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:vkR8k6uQnFjXTAYemY59yxZvRJ66a2eAsU4c:vkR8k6uQFjXTAYemsKZvRU6a2eAsXc
                                                                                                                                                                      MD5:9882FAB278A2C82E06FE8A9ECA010F66
                                                                                                                                                                      SHA1:07E19EF0CBF336AB651EE663736102189332F9FA
                                                                                                                                                                      SHA-256:4C13FEF6241677E9AFFAB2391347B5E1EB0AAEB7D344E4407EDB6521D0739B33
                                                                                                                                                                      SHA-512:C3812AE197739A47873A2768CB2B694AB9A299DDDBCD44EE4169C3B0D52F0EC77155F6431A34B9B3A860C5103BCE17374642AA1641CE87EFC8F0DBA029CDB51F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2...>...........v........ ...-..2...>...B.......v.......@....,...........................................................................................................................................I.......I.qk..B.....LZ..n.P.....nvu.J...0.......nvu.J...0.......n..I.qk..B.....LZ.I................................I.......I...................................................I.t.....I................................................................4..'...'.............M...q-H.8.j...?....N...^...............7.B....L.....z.X............................7.B....L.....z.X........7.B....L.....z.X........M...q-H.8.j...?...................................n.......n.......n...........................................nj.^....nT'.....n.......n.......n..-....n.......n.......n .L........n3..nI..n..z...y.. x.. ...........$........2..72..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o.m.m.e.n.t.......0.0.0.6...............n3..n9..n..z...y.. x.. ...........$........2..72..7.....*...o.e.L.o.c.I.D...o.e.L.o.c.C.o
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:modified
                                                                                                                                                                      Size (bytes):53259
                                                                                                                                                                      Entropy (8bit):7.651662052139301
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                                                      MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                                                      SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                                                      SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                                                      SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                      Entropy (8bit):2.69379866006119
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:V4mldxiXUPedCDJTUlllpxiOlwQMDsUlzqhWl6sxiVlkTmUlmezTEaYUliu+3+w0:VLSdCmlJGQqlHrzlmwEaRlwaOl2i+
                                                                                                                                                                      MD5:136DCE467D61D73441524BE4310BD538
                                                                                                                                                                      SHA1:4E5F4AED9C42A4FBB106E37E4AF215FCE4910341
                                                                                                                                                                      SHA-256:009EAF2CE28727213F30C001B4CADDBCE9D73ADF41258203D88F08301710549C
                                                                                                                                                                      SHA-512:14F44C09E3AEE0124D45CFAC9C72C5420BD546DB66690442C622EC74046900DFF5AB897853FCC038AD50D98293B1494D56FD447E43BBB6FEBE496B2DCE973A05
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...........................................?..?....?.....................................................................................................................................................5.......5..E.M@.....Hx.:.{.....:.{.%B.F.<.q}...G.t..\.7....U3lG.t...a._^..pnh.qe....V*'......Ge".^.V*'...........5.......5...................................................5...q...5.`....:.{..8..:.{..T..:.{..]..:.{..d..:.{..u....................4..~...1...(...(.......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.r.o.o.t.\.T.e.m.p.l.a.t.e.s.\.1.0.3.3.\.O.N.E.N.O.T.E.\.1.6.\.S.t.a.t.i.o.n.e.r.y.......S.t.a.t.i.o.n.e.r.y.........1.......S.t.a.t.i.o.n.e.r.y............:.{..1... ..$....S.t.a.t.i.o.n.e.r.y.......V*'.....V*'......Ge".^.:.{.....:.{.%B.F.<.q}...2...........0...`................5..V*'.G.t.:.{.........................V*'..c..,.......................V*'..c..,0................I.C.V.+:*.................:.{.:.{..1... ..$....S.t.a.t.i.o.n.e.r.y...
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2278
                                                                                                                                                                      Entropy (8bit):3.860012736024955
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:uiTrlKxsxxrxl9Il8uSlN9Dlpo0NyO6AuLNuAxL06v9zid1rc:vPYQlN95ChRxL06vP
                                                                                                                                                                      MD5:4C36DCAADF2565FFC316F3BD5FA07BC3
                                                                                                                                                                      SHA1:08B4AF24A4D579ADCE5CB7AA2D5DF92DA45FF05C
                                                                                                                                                                      SHA-256:CC484D6841429995A5966A66A2B62691931BA3F5B7872BC658BD63B1A24CE7D0
                                                                                                                                                                      SHA-512:4C209996C8E484C05222DF152E26770C85D8088A6F3760C53C05435C19835221946B6358575CC1D8710692B9DF75400F64E9593FC6C447BBCDC58CEDE0B8B184
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".C.J.1.m.u.g.S.o.z.s.S.9.x.S.Z./.Q.v.O.c.+.E.J.4.u.2.c.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.C.8.f.I.K.q.X.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.b.X.W.+.Z.a.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4542
                                                                                                                                                                      Entropy (8bit):3.99599528369964
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:2YQlN9w8SedPUFl94nCK8HlEX+LiM73NPQFdQbeQYT3c+:2vWx4PUFl94nv8HlCnyNoFdUeQYTD
                                                                                                                                                                      MD5:607F08383EBF637F60B2B3D1DBF5B37A
                                                                                                                                                                      SHA1:A84F99372AB54503001F139C61874BA05ECACB12
                                                                                                                                                                      SHA-256:86319CD2C58392832310204AD128CFBEBB870ADA91B97932F10FEF9AB25E4CAC
                                                                                                                                                                      SHA-512:088459E6F82024B6BEBB19ACBB840217A30A286179210BAADB9B6E31626B27C7663EC46006B26EA3A7E81CF5718B77DFB68C7D45BD5108BDCEB6C9964A6FBBA2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.q.Y.a.6.3.X.Y.9.b.4.Y.b.C.Z.g.f.0.u.y.E.6.v.n.x.e.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".m.K.A.b.B.q.K.X.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.b.X.W.+.Z.a.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.9790013377205975
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:jOw0AW4T2JuBVPG8ZH3VupLQDl4aGDXxrL+RGe:jD0V4T2WtKLUlF86
                                                                                                                                                                      MD5:095B35062835674C0C046DCED29CFA89
                                                                                                                                                                      SHA1:9B43CA5F68BDBADEFB8DDC64BB920F6845999BA6
                                                                                                                                                                      SHA-256:0EC83BA28BC7BE6D0A086604B48C83FF87507C22A3A7D61B63247B92D2E10B08
                                                                                                                                                                      SHA-512:8F19D3D885EA748ACD3D640D1AD60A85D5F53F012168A6F7A462706D5752C0648515E0400C86DBEAD8803C674E106EA0F89F06A2C37435A5D4FBAF0EBEBF7554
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.R..5ZE?.j.@...3.n.e...o..'457.D.<.)....LMX.J.G...k..m....I~3.b...f..8.....O.d....G.|....y...[\.M........5.]E.pH.B..v......Sb..g..E]..^.Q.4%.6...Dc.S..X..&Q..N.%,...e&........3l...T...A..$.i..%.+..#.6B>..0...n...G(...gx.].............:.z.kH.%'_PU.6..S...5.Z..$S.........P........}p..p<..."..=.5.5....-:.....{Q.Y;..h....jMS...6%..E.n.VdG...e...& .:....IL8..M3..._...&.k,..yJ../[...e... xk|....w..C.S&@+..-.*..C...:.i..Su..4.B....!..e.&6.`..Pt.......h....\[.P...m1....CDb9s.l? .D..j....#........,.3...>.X...E.c.......:..8s...bO... g...I...zM.C.yz....t..`...V.....R....r..W.*...G...A...t.t..m..7}.GF...AgY.....I4....C..v.~..7..A....7.....ewW.....}c.R..&...a.Yd.........9...q.T%......A.C.h.cZ...#...C3...yw..}.&.KO.N/3j.R.!e..8......z-vcu.!k."..rO1:..D......HX..U&...'-.l%.......).a2w.x.a.......*...0*R...m....I...N.Do.".Hu...O....M6i...\n...S.a:..........n...q..b.Vt"7..K...w.P...v.q...t........g6.h..0...{.....q.....4{.fL....Z..5..)JV._....;........-{4.[.....*
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.979613503902035
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:QkfKRnuAxxKppWYmzPXstYBGBLVSxB7UNS6AIsa:MZuAxuMY+vIqGBYxBGS6AIsa
                                                                                                                                                                      MD5:BDA293F686747E4901B593AF428C0A42
                                                                                                                                                                      SHA1:C4E130D05DA8591F2694C3FCD7ADB233C161646D
                                                                                                                                                                      SHA-256:7AD3DA9A91794D10FCB411052F67F12769829DCB868860FEFFCFDF99E78C6C0E
                                                                                                                                                                      SHA-512:E5DEDE4449B4970B28CB9C4474B91BC05DCBF92FE2BC85AFF6CA52B0C974CBF2ED6DAF4533B76C15DD7B5FB152B9AC765B89AA51F18FB2BCBB515A43294A9A9A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:e>^#\......>...{.>Y...e/.n.T_.yj....Z.I$8/....%..KUw...w..e.:........=..w.{...2.V..]].\.."...JA~.w.R...w=.'....,nr.j...!.:n.mg.E]D..^...p....xI L.....n3w5....s.z..uk..~...3..V......E..X.7.. .{.u...z...I.pc...K......$m..X...\...(?ah.0...D`o.f..*q......!wF.N...O).C. ..Q....&A#Q)....Cf.-`l.9c._O....A.o.g..'.1.M..:..E\.vb.h.....RdH.w.:./q.....`...fV....Vp.+qC..B..a...|W.W.....6.N]{3...S..~{..........X7..>....b.J...........}7..vm.jgo{...\..u....C../.3N%..Y..2..3..,.6....`^3a.Ex'|..h..V.T..A...v.......9y......Y.8...[.X.zK.d]Qx..p...T.#<.6N....~...Pv\KA.cDz.?.[..u....>.g".<.......LV+Z.!]0......O.....V..7.f....n;....Q.....z.....1y )..@$.^E.s....C$$....".....,..).Pk..u...h.9K..W..fDS4.&..4=._.M..a.%..7+.7?.>..].Q.&...".9x<..y.M.k........m..l..8"{9vb..0...p-m.-i....%H<.XL...2{.....*V...k.\..)..g?.P........v.>]..wG........P._...m..-6..d.N>[....L...7s*1.z......w.Q...."..@.'..s.VRO.."..p...P".8...........d.(...|f..@..y..e...T._@...Q../Ov.-..SdO..+./.m.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.981118268505377
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:G6LMA4GWqA6XVm75d73vnx7ib8lcSwUg4IoHUjYQu:GHGWqA7ddzdjldIo0UQu
                                                                                                                                                                      MD5:47ACCA4A4AA6508FF03C5B3E2F2AE2F8
                                                                                                                                                                      SHA1:7D3756CCFABEEAA6ED111453ECC3755D35F034F5
                                                                                                                                                                      SHA-256:4082402D7A3A672DAEAF8364990470C3C70C3C38FB0369B7DB7787A642789EE9
                                                                                                                                                                      SHA-512:86AE8281D756522CC608787CC741764DAC215303866A29D80B495D55154CA0E914369438AD33A0A344B780C4B3909D4D40A81B92312928E626BAC1F601F09414
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<.mC<...w6.......z.U.IM...D....}I.O...n.|q.G1...8$e*.,.`.+....n...*IU.4N>.....N....VpI..9..............X.....P..._..1(..{..s..L...tex@9.Oi..1.2%.))...P..@p:..Z8n#...B..D\(.b.AHB..T..._.'..qU&1....&37....|.o.'VQ.N......V.....w..cA...d.Z.l...*...3.].....Q.t..[v.M.....+pXRw4..]..*...H..x"..PaJ|..1....|.k...U.8L.p).z.....)@%.[..l..?..PzB......c.....K#$.....s...<$%f..CQ..>{c.D."p._..'f..o)..t43.X].....[....z.f...i.|........%...M .w...[.o...u..q....(...I..w..~.....s....:..^..Qk.5...G.....=.......D.y.<.....}..,s.=.M.&..M^QX..MY......{..<4.."6...v.....h.....|...F..j52w...).......4.\t\'7a.R...*_....^jl'..O...wr...3...Pn.5F..B..5S../.MX`...@R}u..MAk.w....D?o...M..l.7...3...#T.ut.....BF..K.q.....K....q....l.....<!..<{.,Gl5{...Cz......:..Y....%;.R.k1..f...F.. 2.1..L...,3.2....R.(..$..,....{.W.Pl......>....XF.d0.^...iv.......Z.|.Up.Hv......./.+...LF..!.....8...e...:.A..7.9.Z....s..R....1..s.+ni.W...S...%_..;ky.T.;(.r...#...Zo..K&....T.:".P..%...Ut......
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.97772225934077
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:s9rEfoNPnWda8wwKfyxDuCQaPYr9jIxwmzfTP6xF93NlwUH3/kzT:s9I0PnWdaDnKxazAOICwPg3NjeT
                                                                                                                                                                      MD5:D2BB0AE5077140150AE1DB533CDCD75D
                                                                                                                                                                      SHA1:DCD7201E611D2FC9ED3C2B44BB53FF992E19AF73
                                                                                                                                                                      SHA-256:59D42B9A60893ABC9F5D55EA6A8158776D0133297E55FD50321B1653E6F4D347
                                                                                                                                                                      SHA-512:AF00E7736BBC5891DB969B3872A78C87B897989AF705AACC0838E781987A7A5E0BF1F2E6D962B25F815082CAD81756E9977EF84A62BD99F4FCEFBA7D4CB931FE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.~f.pC..*.qo7...my...@...W?..1D..0<.'.......Hl...r(...D..shYY$(~....Yv....=.......^7:#.....}-..`"...|..l..U.76|.*cE.r..7{....%..".."............!..MH..|....[d9n.e.RA.c.T.....g.W....-.l..i.!........e..T.;..^...:...jA|3.R.o--...>..&-....g3..T..~6..!P..e..<..u......p..J8.mDK..f...Qi..M..x..T{..kH.n....a..2|.....,;..[..E...BJa'..q?.......-.....4Kt..6.o.o..rD..I..c.......j..].v....G.......*uO..E.....%.w{+.d/.EeV.:56.D.#..JU...G...q...*J.F..X....q.....l.:r@.....u..E1....9..U*..|m......5.T-..2.IXY$=R{.L.t.. ._....5.~J...[5v..D.e.....ru..`...co.?y.D..P3.._.n...kd./Z..&x/.&..".S7p..k U...#.....p.8`1..1....ZC....&..SuM.&...`9......#...C@....K.#jybV......&6N.{{.<..n.h!..l.M..N..Z.R.1...K...1BRK...s_N.!.1A....]...ait......%l....,.;#A...r8.(y...p(..`..!.B.1........@.2W-...,xfu.>.V..z...+o.L......"..@M`..w....T.$...%<F.....B,......`..z.5...f9...,_.aW....fh....Q)..[+..5U..~... ...Koe.2.9.....B.O..rqU.oM7.c.y`.....so..]i0.m..,.k../...c...!.N..<}n.&..A........
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.975900345989655
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:5BrWvtkAyiUo3Vp17yO994Afc4fYAV50dpxqr6FQbL:jlM73eABgMsG
                                                                                                                                                                      MD5:9D4F6787AAB2A74DCA546D3577351F9F
                                                                                                                                                                      SHA1:AED4830643086F906F5102ECBE9187984C543F84
                                                                                                                                                                      SHA-256:C70513D289DCB43EBBB1EB115B1555099AA2706850D4C2F08E918A34A622F189
                                                                                                                                                                      SHA-512:464D1992DBA90FC622BB70C2BA2064B4D4258206BD2B0FFA75080E78813AD5826C545D63C504CA71695608AF90AC46F07318ADEFB9C033E03B0075FAEB43461D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..@#.S.7..dI..'xV. ....w..=qG..,i........h.`...H..%%."..E...I.-H#H....=V.h.@.....@R.beL..+*..e.X..D..Qh..u..K..X..r..[....8....A....9.xI>`..l.........Q;....X0...n.W...t0z.0...Eh[1.....v.]r.m......./O.B.jr....)..Nk.BsH....L.;.....>..nm..y.H...~/.@.e..elT.<~.h..Nj...c..-y......!!.d.(.x.>..."..(.$.........(d...w.r....rz..7..a....U..J.N..+.D...S.w~..~T4.....lF..H~.o+.}}....|G.\.T..BV..f...\Z.'7m*.-..D..h..;f..Z.(.G...p...........d.>...+..K...(.hzs...g..f]....9.6...o....*].... x...mn.;..*..a$.D.F...;1..}.(f..m\..T.s^...b..A4.:Q..'...r..#..x@c.]:C\.d........fN~V<:.....)...T...D)g.5.`r")..8..*..>>..........k.k....?Q7.6..k>.Fk[.#..n,-oS3E!8%eh.F...(.c.......4&..<...MF..JQ..!..p.....l..TD..s.m....S(u../.4..T...+W&..v.....Y.Z.._].a.;..0..^....p1..Y......B. T-....r..K....*/.....S.C...K..e...-.T...q.e...j@....*R[.P.^.s..<b.M....)uv..*..R....%.p..p........v..&...5....%..1dB...[.e....{.......I.=..;.J"4..-........YG.J...7h.`zXo...1..8[..UY.s...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.977547274166943
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:d67sv+omeFpoo7NjpneON0mlhjitu7F/N45Nr2HSm:oIFCQtTlxPdN45Nah
                                                                                                                                                                      MD5:F6279489942FEB2A147755E0799C2A5A
                                                                                                                                                                      SHA1:D24250BF952EB79773B1D5A257A0B60B2303039A
                                                                                                                                                                      SHA-256:66C4C96D4376D02AAF647054507809105BBF0E1E51F083F417F8D9DF6AA2858B
                                                                                                                                                                      SHA-512:8B7FE283E6B43540C3D43AB7BC781F64A705CE41CDFCA57DAB14D08EF654A96DE31C622ADA7AE2F1CA5B621CF5190C7B3CDD1F70493CBBB7D838F53FF748B9A4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:[.]P.6.2....Y.i......b..W.*..Bp....b...).......o.T....d..xv&...id..UI..,_*EL...h..G^H.Aj...-.?:..Zo.]0...=.:.^Q.(.m\E..E..a.d.$.,.`1.Q.O.........|...k...J..L......0Gl...........I<.l..E.x.0!F..mj9.......B-+....).c...V.ov^..h.;$X.%..i.H...LT\..DS'.:aW...hO.gJ....BJ.)....dQ........:|a......t..4.B....W?V.4.|...0...b..<....K..}...Fw;..Ck..sO.vH.#Q.Y.0.g.#....d.......s....v..>..?......)Ag..4.J.r..ul.N..Eq8i7\..AE....!.?f.6......[..az...V..i..x..XOg..-..~...N.h..^(H..s.zZn+i~..U.$..sX.../|..E.I..9Bw.U.... ..#K".hU.|.....bi....K...l........Z"..........".B/.T!J....i....I.D.!...3..d.N!..u.v..q..:..}..@^.<....t...*f.6.x..z..u.....+..of....(.u.0D.*....@ .zg.7I|F.....e!.5..P\.`..gDe..H....dzX....pCy......M.g.4.e@...o..\0...`.?....Il..{..5...Cu..V.."Q.4....(\..].l.........WK....3.#3.zyM...i..[[Y...TJ-....`J.l5.b.......vK|/..~uj..n...c..E...6.3.{...q.(pa.R.....=.D..{...lcL..R6W.p...+..........GIn7p|........x`SV4..O......%..u.{...fr..y..{.....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2639
                                                                                                                                                                      Entropy (8bit):7.929904173128916
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:iOZACsmcsZRSaygBH0pJppncvfOGveki6O5FfgeDnx0pMbrqmMF2Ttre:it1mcsqEHOpcXOxkiFPVDx0y/dBTtre
                                                                                                                                                                      MD5:2748ADEB2A0E2E076416B40852075E35
                                                                                                                                                                      SHA1:A85D7E694459FC8F393EABE22518A04D28989B58
                                                                                                                                                                      SHA-256:CEDA39DE54831353E35A2D72A79E93BB712E57711959FDE5CF587254B2E8E3FF
                                                                                                                                                                      SHA-512:2D64A91123132B607F49C3B17D12B84B14A45FBCEA547FC6CE99CBEDB6D2BAD90AF0305C7535B628A3731194E116C3CD34617D4A4C3064BDFB712BAD7B81C3C7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.Q.D.mJ.I.|..V....../......*.....w.~.@..X.$..t...X...`..5..|%....l..!...uP1h}JEJ..@.O..h>.L..`..8..=c...C.b.t........b.....^R.zn....=..$...g`y..].~K.'...to-..K.A.Z...$...u..yT.O.>'v..P.<.z.6.8..N.......S...={J.[U......--..:........4lX.^.j...,.w>.... c}..9.3.<#.v...."e..4.K..l..n....!_ ....D7..J.Y\.....8..:j.i..*.r.....r)0.......UD.<.T`K]E.h.Y.y....";p\R..d.b..j..u...|....|.......|..J.."...l.,%..z.x.GXO..s.V..".....s.AZ|..p.F....}i....mn...Y. ..\Hq..V..y..T....M.........,.......$"o.J...@d.r...Uo.MD.{..V.4.;Z....9.o.H.m.-l]M\.>......E......!..].l...X...;..%..piu..8...`.a..e.T..1v:....n1.`.BSO..-...^..$Sh..R.$C_#^WT-..&..q`..@w...,...&..%K.D[..R..eE.=...f....j....`^..1Q..xc...]L.}...?.'B.0.O.`..lW)..A...j...]..xu*....V....l.=......3:*9.........x.S..[c.n.7.....b..B!..f.\.T...9.`..!.Yj.B.J....*7.n-..D.8R...M.:........N.}.}.UPP..?...f...)....t..k...%....It..).h.........2.\.o.M.k,.....f,I..H)..w..M.....!@...|9$Zt..._...=........&<.BI&.q
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1866
                                                                                                                                                                      Entropy (8bit):7.897478495315315
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YqPIixFz41mBuocctrs7cQcVwEqn7/hSLrUAtre:YqgAz40BupcJFQdQHUAtre
                                                                                                                                                                      MD5:FEE218BFFA62B777A241C0D6CFEF3A32
                                                                                                                                                                      SHA1:DEC882CB7BA6804B8A2266A93D7D9A30FF098F92
                                                                                                                                                                      SHA-256:F3BC000A9CC5CD781F72EA65A1495C22AF12C869D08479404F552A043808421E
                                                                                                                                                                      SHA-512:1D504907555AA16FA95FF239718C97E3FD6B0089A54B723148BB458F9DFA0F76328C284103CF3E260F7D8EBF1D25D8625E41D734E474835AA50A48D0BFBACF6A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:K.@.:+{.C..k}TFT.{U.^.........g..X$.[......"y.Iu...8.R.....W....].2.....`..f*. &...."[9a.5..`v._..B.V.CAJst..*...FB.....9-..'.0..%.:.....Qu....[t...S.b$O....CjK..x?!.9.)........6.;.....)_:\.I.....x..3.................O.yu..8:v,....C.....2..D..b...=..g.8... z..&.,y....^....H.B.k...'e.....$...n..HT..K.U.6AJe.. ..N...H+E..#.J...!...P,'{&.........z+"l...w~......L...-...Q...N.T...\.`d.2.?...C<...FEW.N.U?...).....s.".)0.........D.`.4.4S.....V......h...q.x.n.K.A.....sm|..T#......Lj.L..E.@zZF. JW.n....1.^3?..\...r...'..(.......YA...q....Y.7v..NCQ....X.x#....C;.RYp..|~5J1q.xIw`.+..i........q.[.Po.f.....t.Y..b..nwB...`...mJ9JP..=.[Y...........!a.r..j.vn..Xz[8.g..H.Y!.h+X..GJ...6..iP...x..e..fT.......8.....B..6..X...WK=i%!.V.oKH.$c<..4nO9!x0..7...0D..c....(...*'.....Ml........L..@[.-r.B.M.......v..^....G.o.r.byh..`eL.o...Y.....#......D.....Q...j5...?.w...9..b......g...l..W..)...9..xX.\.....gK.gw..J.y........A........-S..y.a...H.^........_..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2647
                                                                                                                                                                      Entropy (8bit):7.924036742955884
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:kySux67eKmjwhuN1qlHFvY9s0p1gcnKxsBuknT7IbRI0zbptre:kKx67eKIGuNgYu0pjnKaBus7v0htre
                                                                                                                                                                      MD5:262114DFF3AD11D41F23AC4A9E9A1A79
                                                                                                                                                                      SHA1:1F9F8774A403C1C7B35D1A330FE9494133A836DB
                                                                                                                                                                      SHA-256:AFBDDABE7EA14F7F0B3465EAD8743A0763960F79617A991A8750A6993B6173F5
                                                                                                                                                                      SHA-512:EC02BF6496261AB0E1D857967D4C8489ECB53BAE9768223789E5A02BBDE1C13467BF5FA54E85572174EDC8DB740CF679431111FFE5E53BEDA4F81904BDBB05EF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.r;.I.."Y.5.n. ........a6.y...\_..V.../....#...5...J..;P..k....F..M~.Q.j...T.....O."fmY#..>....^..^...5...b...Z..*m5.d....nV....K.;.............l=.........Y.uK/mG.+.]>..}F...G.N3...G...B..Z..q.G..* .X'DI..?.+x..*....v.....z,*.....x 5O..t.........S_.,.U^=.Y...........K...u.*.Io.R....l*#..+&.!;.*.m...7..\.U.\0..">Le.-`......,.....v8.T.c..a..yW.].-Q_....H+.r..\q..; .N..wF.U..X4...G.2u..1b.8j.:......[.}....&u},...'x/ZN.k.C.....h7H.Bc.n....B(..o...a.....}s.....[......<.t.N..._.'.\.L{u..s..v.....&v>..=9.IL..J.4N...kr...r.(....}..R.K....U0g.v!..`.^=.g.5.0.2...@^f.A$..lqO.....N. .............|,.4.VTyI.......Gx?....u.e..F`..qe4`..7nXr/(.....f....B..........k.d......@.Ug._S.0.e...={..<!G.A..h%.]H%.......~.....<2...j.3..VE.P{4......L...-.9..>.+Rf..u.....p.QJ..'e..,Iz....1.....I.........,.p.cr.g.b."<.7.<;$.B.'...SM.>..,K..I)..8.*.*..".......3..PK.a.9..?.Z'.vS.v..Gg.n..&.2.....&t0.....LM..Y&n..N...#^.K.....}h......_.\h..(V....b.9....V..[i....r.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1816
                                                                                                                                                                      Entropy (8bit):7.901103457173845
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:osLN3eB6VzOpBqyv5Xa2ZITprMWS5wfYzrlsC+Atre:MB6VztN2ZIWWA/t+Atre
                                                                                                                                                                      MD5:1C91563708A9E3DEF2B60E2886BA6F4D
                                                                                                                                                                      SHA1:5BEAE53570BEF5A6FE6FF4D3B191A4560E5C3BE6
                                                                                                                                                                      SHA-256:6B1CFB0E792164FA9227950006C39C8C91DE7D38B7A2D0AA66D2B8250BB0DFEA
                                                                                                                                                                      SHA-512:253E1DCB8203E169D866204499FBD49F475BF9B5028E70896B4B8245B940E45D5F61D8FAE089A8C93073532B22D2B7B8B25331C0D3BB81C6AEBDA43ACD0ACC74
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.C.z..F....M.u0....9..4.5$.s+.96.).2......9G...y.;J..5......;/*...r.+.jN&.{.'.64. .B.D....e.,....G.iU4..I>o.o...........oq.e.2..S.K*...j`..?.V./..lC.y....Ky.&Vwwq..W...Dv.....<K...q.A..mz8.........E....Ol..........a.j.t...NYE.33.{r.F...`..B...v.t9....9....>....1M.k$..+...).>...t.T...$|@..nD.p.I.>6~.U^..0......r...y......5.M.91...."...x.`.sM/..f..Z..C.h.s..G.&)j....A.:.....D]4O>.....{c.P..V..^.Br..(...E..8..c:6L.)..9.e..ip.J.....^.7.^|...\..Jw.....'...j}.7..L.U'/...g.....Qg2\..K..C..PB.l......Wa.*pb.U..t....C.L....1..!2......0.pf.L;z...<.2..T}.B...........Ut......,g...2.}.=..!q....w:a.?S....(.(..../.._I....{.....O.OM..O..&.L[.E.?.!.4X...xH..c9.7.H....X....._..k#..`08.n..d..#.G...4A.......@...|D.....7LC....w..+..<l...v.......s.:~..@.u8_Ty_..'...!+...k.1.;....$P*..C.I.....!..A...-...L4....'8.!^.!.....,...T....l..M.[..0...]..a..I{.N....Y.M..%..:..5Ix../.M}V.....)..5.~.SPZ.:h.....O;WR=<.%..#..H{.LL.#...........T.-.A.!.b.`.2.N.N....n.b....m
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:OpenPGP Public Key
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1799
                                                                                                                                                                      Entropy (8bit):7.912309792799911
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:Ghl/fV9YmjxIDp1P1066LCy/FBOiaAf0VFj5aqTO2js8gtre:Al37YkqDPPD6LuiF0V5B7jsDtre
                                                                                                                                                                      MD5:9BDD90BB782A10D2CF707DA85CDB66E4
                                                                                                                                                                      SHA1:291A6DFF9418097C7356BBF988CFEF4348F400D6
                                                                                                                                                                      SHA-256:7ACBF399859967C0D8812DAB4065A10AB0694378C603C5065A0026E095B77BED
                                                                                                                                                                      SHA-512:847E45766FCB0F998FC0F6F46C38E6FE48325D2B437C2AAC60E9930915042A100CAD608A75BD6B8FC403AF8605C2F35B0A8A23A549CEB8AE9D2CF7637AA551E2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..Gn._..{-sN..;....J.,.D.3.)..........q..q..0...1>Y......~....|=.nK.5:.....R).</...E}.[.|'[o..@{.6$..4..V;Kk.<.k..D6.J.gi.v$...u."..d.............@.=.{..mW...*....;..p*......S...z.0^E...W.|....?30.u..}W.z.."g.vn........H........T!Iy...3).2.._..E|...%/.A..?=...u/i......'T...i....`...b..D.<>.41....y..u..p.xy..-.)8..p.....@..J.2.....#.+/.-#.R...Q3.@.F..?vL...0Q...XB....T.....S.....?.2.M.c.{....[j.t....a./..jr.....db.@..c.....;cc]Q.L.C....n.........L.....Np%...Q!.-..PF}z.!R+..G.{.F.......e...j..=...K*b...'|N5V{.n]n..meU.6./x....67.....4..YUk..4..kO"..f...F..H:].+.(........3$.j."...{..7NA.p...(..r.~..I|*xJ{}:.,n...$pe...[.............ut.+X9*.......-.#.........D....L.....MfC..LP.`...^.Sa.a..O..k.?."m...........&D.QTvK..s0e....S.g...B.7..LTo.iK...,:.U.\...i3@..............&OB.... I.Zr.J..]...^"...wjI..Q...c8.l.x.S......w..7.C... ......:......2V@$C...VnJ.;XX_p.#..(.o...s.>B.u.-...y.....q.o5..%F%W....bZ...S........\......+.S....^.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1352
                                                                                                                                                                      Entropy (8bit):7.8642611857938105
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:7nbYiqETe9PiGZ8cqPn+Cf/8LFG3AXKHdRShJMksaT52PsBtrF0AcrloSttpVM:HYLETe9PJZ8Lvp/q9uRc+Rafr6tre
                                                                                                                                                                      MD5:4BF262C88BEA7742239BA25D1058D8E9
                                                                                                                                                                      SHA1:C7C07B2DF56B679573FBCE927BF5329C584BCF1C
                                                                                                                                                                      SHA-256:545976DD493200E4001979F67E17FC01FE0BA0275B70FEB7A999FDFA1A512626
                                                                                                                                                                      SHA-512:99B506BAF6EABC71A1F3348DD0C191D007CA6CDA69D7198131119DF028BDF339488C44A2682585FC8C3AD8FB285D4D24709F67C4EAFD6DEB6713484DC48707F6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......w...W...k..^E.<_z...p<~..~{Q.k...*..w^.h.$...K;]....+I.c.`...ko......@..>.f.Q...(o!Z.Z..rq.!.W...X+.....Z.]8,....G.....U......G..Ie`...z.<..I........ru...hjc../...5Q.Z8.....A..Th.~....W5xN.:..&.@m..=..Y.......A...J.K..]=.....R....XL..j..\...mF.......7.-...U<.V.a.}6.?A.A..20Lb.8.. .'....W.Y..F.B......_f.+..J-$.8sZOq.~.AQ.4..J...)f.!.J..G$vB....O...W+.E.F...$.......2.S....HF....G.'!..E.J._..5...=.!W..`{...nW.C$}.PW(.!I..#C,*..?...H(.>.....E7>.*......B!1..?.`.W.5.'..W.."..n.......%.1eK.Ow...@.....e.)..^.C.C..bsN.t......../8..Aq..;<.....R..}.Y?d...P.p.GT.&../p.....E.Nf....".|'...:..6*...}a...Padx.j...+.f...T=.....D...L|.(j.o........Y....x.....~).a]...a..,....T.....r.Z..hA.R...S.ik6..SP..Z.wS..\$..Ni...n........Y..3.......R.Z..x.....4.L..94..U..K ..z......H...X..'`ph............1f"s..l.....+h.Y.....W.<..&.f.]..Rt...M^.RPz.t...`uX.."q+....m.....U....e.-J0D..u.'..i$.....l......a...WaG..'.....s...LEp...aR3...X.!......G..tB...&.J.Y>
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1695
                                                                                                                                                                      Entropy (8bit):7.8824990879854635
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:oE/8T1uJdXcnz1wvGewwA2TMpSX2JntmkfQQtre:oG8gXYWvGefAaMgXqtmAhtre
                                                                                                                                                                      MD5:9D8305F2600F5B71442D7B4DDB1DDE6F
                                                                                                                                                                      SHA1:1AEF640B0F4FDD1F94BCF6DF316D8237F7E583B2
                                                                                                                                                                      SHA-256:CCAEA36560BB55C216DD0D28DAD3976649A467D25282EC5778D0C18608CEBFD9
                                                                                                                                                                      SHA-512:B604EF305099620BF143507C5C84E9DD8F93094888BF34A1A9EE5C7331A472251D582D806E10BE8666838A3D5EA66CD201815769A9F7C70A14C3C5A1F7FF1B5C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...*..wd....Jv..Y.5.vb\.4...?....Q.0.....K.Y.K...C.P....U..B....O..2..4....l.......&..1&.)8..!....L...s..kA...../.B.e.'.....G.....?...'..$...Q.b"B...Fm...x.(d&P....V..t.q.$.v..S.._>....D.Z.~.(........o,.p...&.[0...G,_...&.f..w..K....-m........z.....o.m...q..we..#..A...u.+..u$G\{...T.>./8...,...ww._.I..*.f..M.i?..!.{.J..i.k.j.#.?.D....@...B.N. .7...;.P..IZ..../3.{......#....n...b ...:....z....z.5.d.s...U..pj(.nr^lh......3h^....^oA7.....^.b.....G]..+-.74...E..+..'.i..KW=.+......i...)g....P.hL/|/x./.0.,.......}X}K.A.C....Gdj...d.70.<z.q.T..6Cm......y.B.r..C......`.v..,.}.R4.?...Mkn..%e~1..x.N.dP.....-..q..<{...1A....._..P.%.jm..[[..94]...6.:A..01.f.Ge..p'L.K...w..Pl.g9.....^iW..Oj..........l...06le....q..3..u[....-..<.`>0*.P@U....E..1.....F0../..~.i=.b.YX....+.....[.oR.>m...g. R=...4.....O6......Xl..<sI.q@...y.7$.....M..A.F.H..b..~.......m.AZ...o:.D...|........Q...K......EY...O..8p...pw.0.4......l(.....2.~....P....7|.....?..I3.@=..$.%?
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1299
                                                                                                                                                                      Entropy (8bit):7.854158488776091
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:vMrfJ9pUONRcUWfjWp/xbEqVFMm2G1G4KrpWc7RwocZHrF07+De/PuloSttpVM:vMrfFRmW8mFBvY1rEewo6rE+DuPWtre
                                                                                                                                                                      MD5:3EA82C4BFC92256145C1B6127F288FF1
                                                                                                                                                                      SHA1:A99C6CDBA494CB7FE3E2BAD5F422119C8B3EA7EA
                                                                                                                                                                      SHA-256:195A95B3CBB31DBDB136C29893B627FEDC4E2B5266DE22C2F6FBFD3814D72AFD
                                                                                                                                                                      SHA-512:24188BA1D1F0BC720D37A692CFD326C167EDE5471648BD1F2BC5F99E4E05487DEE6EFA3C2BBFA3F24C5BE1A30993ECDE1DE04F856C38F9FB1881A9587B7E7526
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:>. c....(.ea...!;=..=c..../.........k'.e..&#!/...M.;[R..<,..~e...i.....y^0...A&Y...i......9.........O.[.X:x"I.....M.g.........W@H.>..D....#.G..tO>....O^8=V.....$.q...T}n.y..H.bc.....j...#v..8.....0.GN...O...O/...[_.0.(.d``.%49.........:O)#.~m....U..P........,.'.E.......*..)e.. Fgt.j..Z....\.R..*.=Wg....%,O...!x...#.q..#...x.]..3&..)& O^........da.....w.i.......?~rk....nU..G)...F.u...O.X4.....`]........l..-.ube..8...wZruC.>.m.^!Y..5.?|..>G.6OE.V`9..+.G..w...|.m...gL.inJ.jp...1hI.6"c...l.4(nn.vtx..6.......PL...(.bI.l.$.|..S`p.W.G."...t.Y..M.Civj....V..E4.~.y_..!..d.yJ..P.........O.Zf.VVY\......S.......4....j{.I..?U......w..|^`.....?.....8n.c.x..5a..*...Y.i.>).......ckLY.GU.L...E..z...!P..7M...i...a. E.z.....C........b...K..z..>.7..`).$.>...AC2N.QJ.......*1../.P....BT.:.. ...}.p.4..+...u.~k.[./....Ot..K..@HA"$..Z....(.B.8..s..Z.F.G.......`r-$.4.........u..p......v.s|...V3z....I...1V..n7.t.n..U...d..7."A.W......aG|'..8..A.U..;...D..!N...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.980137666879505
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:JrPoQwLUWp4lC7MR56l0sUg/9jePd9O4pO:1xWp40asUglKDO
                                                                                                                                                                      MD5:F46E0505C6941B320BF03462239153E5
                                                                                                                                                                      SHA1:9A4CB2BED458F2C5867FCB3A55AF0310205B66EB
                                                                                                                                                                      SHA-256:BF12DAFD21C4DC730E46910D5060CD06C8AD32B5DFCEEE852352C1A4D90F9D79
                                                                                                                                                                      SHA-512:EB5CB9260C685AC42C9DE334AF2708C81658528C5C5604096F4361082D5564DA3A5D67AD966D499AACFAEB7B42E09C0C7E1FB25FA836DC08AB2B9D3D8B007BDE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....g.|...B...f .0.p\.......R]...ft{q....h....A.K.B...}YC1X..rg......i...K..f.^z.X......e.1U.....#.1.?.&X.G..Nvbv.r...... ..i...mg..kdG...j.?;.}E.pX.K..`wOhq..7..";.v.Y>..-../>..{.d..?...A...^v.....q..TQ.x.m(~..lR@..,w..........|..P.K27.`....u.^7..us......4K..}....]...2{k....X..R...3.'g......T..{.....Jv..]e.N..<.......5...K.........N.}..ez........,{.......VL..j..P....\.fI.....|MQ.......J..l.j.".c..1...<!....wJw..5..}".....+...M.62K_.2.....r....W&.......N..%S.......$.;C...Zk._.......f:h.TW.lk.Za..;W...hV.4f..7..(...9..HbDw@.!..y..g..v.....'.d....W.gsS@...F.!.].R.. ..M...lT../Bo?.+...`.9+~...~.......46.g.....`.l..}.....$...n..6.{..G.L.......*...'..b....2..j.....-..z.^..=. Y.....k!.B.V...q......-.....\..@.....<..%..-......../.FI.*...F..o.......o.pH.._.n;.e.>a.V.Y*).:..?..P...:.....U.m..-"<.{....u...G.....!.=>.7!2H...().By...<..)3..p3...v.4.k-..s+.i.}Fwt./..............[,Mj5..N....d..n...-..v<....a.]?.._..!..ds...+k...:.uP7...T
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1573111
                                                                                                                                                                      Entropy (8bit):3.6200748356474337
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:uLBfZwYacgE9bKP8xChFKQRLZCA+40HRGm3ouX:uliE9bq8HCCIu3N
                                                                                                                                                                      MD5:8C879E2E545557EB6E07F8D0CDC8C4BE
                                                                                                                                                                      SHA1:A37562626DD8A12740E122A183B032572E8C540F
                                                                                                                                                                      SHA-256:6B38F32257D1A5FB42442D23B376E2A23F659BD6F0E8C5B55CA6CF3A17227D03
                                                                                                                                                                      SHA-512:B23BE9E70A2A6B9FA7232107D4715530B9418AA7EA2EE3C5A8C0F58D0B215F0D20B3B15ECC95CFEC520909B561254F7ACDFF8C654833342491FEA7380932BA13
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:u*u...N^.V.........I7....s....;......9..'.S..B[.8>Q7.h.@.?Sl.&......bE|$.QD-.5...(...ujU..Knl1=2..o9../X.P...f.HKTvU..9.W.cfFk}+.s%h.H..x..._J.K.q.[.n]._..1j."..&,..D4.(.k/...s....z.2.......V.....Yb.)...k.&'N.6.8....XWU.zp....v.....,..j......v.E0$.-..n~:....n{*.x.h...q.B..!....D...p.4..$..c...~@.}fzs....r...>...r....w..r.?M.2.b..k.g:".."...]....z..9.Q......h>I..%.....L...S...Y..o.h...>..]......h..m.,..=!a.T.1....p.Yc....#.b..<Gk...t^.%!.m...|8V..X. .[y0k.....~..T.z......C.D..b.>a.k.:>).s%....d..Gs..Ux..=.m.0.v.`..LV.2..k..f..qt.g..Q.*..........n.../..y...9...h,m...s'...Cw.....5u...^h...5..T#...l...m..he.Pk&.'.,..#.fi..e*.B(.R..../m...;EW...DUw.1|..#...h......'.pR&...;.....ev.8*A.).F-.".."..\^..F.Y/.....A.A...3U../...>ys....z..9...Q^..wr.)......r.....+(@.*.-)......M.d.y..~.L...S.T.x.}`.......4..Q.G..y{..3-.|.....0.Ml....}..!4.U..D.4..8z.y..}E}..=...\.;/.3..};.p.;/.W...-.2.)Y..$.. ..CX..P..5.R....(.\.>p...n.^.qz..cd|.@n...[l...'zIunH.I.$..4;....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16632
                                                                                                                                                                      Entropy (8bit):7.989181716638098
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:/xq4NymXyRiRNWdE1YTnljlJjonn3as6s8:c4/XGiRNoy0lZJjonnKK8
                                                                                                                                                                      MD5:56B7AD94DDA925D177F71E709C456115
                                                                                                                                                                      SHA1:CBAFA6672AA8A9FD8F7F45D4829883D974A11628
                                                                                                                                                                      SHA-256:D8640C82C946AEB7FBE2A17C1925B9E65AC204CE7F50153C8F5A45AE5E6F2625
                                                                                                                                                                      SHA-512:B4E78035073A63F64993DAFF720D0C5336BCC07FC8787ED4918A0C221A6EA2DC7319313C0A201EC2086C5AE1F71448249A645FF2A8EB8ADBB6064CA105A7BBBB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:Z>.e....:..A..1..'P.Y.#C.t8>....Wa.}&.J.....&....j.=.$..z..J.r.88k..L/...Gw.#j....@.\.....5.Q..I.b.h.....y.w..U.........c..aqW.quq..;Bs.o.-..p....BV..........gU@.#v..Ap.p.?.!.D.mL.&@Ja..'.....[...O..O....{7.k..:._].0...&L..8q.pL....Nl.9|.........Pt=...a.k._.P..EgN.:..X........}.M..Iy-..r.w....x..o.N...]9..7(=.z..M..He...O.a...~.=.....z.Ci...L~....I....+)|.K.z.?l!.F.r<..q..|.$q[..b..w....;~#12..iM..L.....+..1.n.Jj..V=.D..?..j.!-.bj&|..)..8...+.....b%...NuwA.fM...B.".-#P.).`H"....:_..C.|...w........U...W....\?..Y.>........7F~.2....%7....XC.7|i...A}....z..0.....0u[....*..1.....@....g...80`..pw.o...bW...X...".2=pYx...tH...a..X.p.Z.&........1.*..<l......z.h...j.....T....P.Vj.`S(^...2.p3'Y6.]......I9:...e.?..P..'..0:GB.XC.jK...s.iE.[.K..`S.'.pkB..C...d...i.wM.c..s.V.....V...a....K8p.t...i&."tA`.t.(.m.Q.y..Qt......}.A.`.K.=.A.E.=.....QA.7$2.\0)..a...T..c..C.Z..?F..b..c.m.....1...q~R.!A^c]bd.....LQj..y..8...V...B.+..~W..1d....E...Q.x...,..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):107444
                                                                                                                                                                      Entropy (8bit):7.99833965086467
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:3072:XO7fNbOIL1ORf6kiq9xe+3ngjiTilO0EVPoP:Xc1b51sgqfJulOfwP
                                                                                                                                                                      MD5:3A20FF23755B1A086A3EACD7C296E8F1
                                                                                                                                                                      SHA1:650DC86E090AF587F617003916561892CF7A40AB
                                                                                                                                                                      SHA-256:0CBB402E26957FA28FEAB574A0541DA9ED7676C77E42328F5C5159A4FCA257A6
                                                                                                                                                                      SHA-512:ED49723B394D9420C8782406B8B6EEFCC59F9131CE12551A3C8790727C4E4A81DD135E2D6E2E2EBC94D63D00856D2EBFE6246204F093397E50567C9BDBFE3D1D
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.@..ZO..6..26i7O....8\.B..!.iK.A.-$r-.^GT.$....4.......!Y(.9E.!.f.x\.]Q.d2=V.q,q...<m..B.j.....:.....G.|....g7.0%"..p...38|......k......+.@e?.j..](.............E.X..h[..p~4D..]|.......(.P.(&..GJ..X....R...}b..........Tzk......$...IT...1..sn......<i/.....|E.k.5.........Q..]-........~....`>....{...2.QZ.O 8....g4.....9.@Gv.^..%..7..M...@\ .N.5...'..Im..!..n.. .Y..6......&=...V....=...J..D[.pa....v.v..w..^a.T..Z.YHK.yhj'..P..imDk..!]o.<\..O..4..l........[?....E.?E2g..E...T....a...O.....25B`..O,..7.:....L[.'..%e..nD.?v...x.6Q....P..XW_.......9...?....v......\.s.1.G.....U0./^..R.8.,d.NQ.?...C;{UF...b<.........:...s.T(.1.......W.|5.Vd....).eq.I:......;....~!}M..U$..bP_..0....'..0....I.}.K.r^.z.b....}=.kW.......kc>... ....%._....m.*..hF..%y?...T"....FbI=...'.#d.(.Ou....K......f.m.5.+.h......c.z.i....2....n.[2I.h.1.%.v.@Sk.._X....F@.........';..2..Z..N.s..G..1{..r*h..0%.N.i..><.x..V.E)P..C....;Gp_4q.........s.L..o..QRaT. .V`~..'.y.....5B
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.979958364960217
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:KZi99qSt95juFNRtU7LyWp4RcVdY7+9MobK7V3kv8RgMHfEd:gIASNSFNR27GWIUdYq9JK7ieHfEd
                                                                                                                                                                      MD5:2A67C5969DF340999E401EECE09F3893
                                                                                                                                                                      SHA1:0A6A5A0BF0B720CB7F69C66625C96A3D988A972D
                                                                                                                                                                      SHA-256:5AD22334A2C404F7A75E7DE411ED4CD2FD11ED13FFC7599A87921C87CFE2C606
                                                                                                                                                                      SHA-512:19366A805CC918112A76E04BC78A1C991EDED62549A9316230C7CCF120690F243908809DC28121F321B374346D4C382761B09A4CE3988667E065115D32B8742A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:9?.{.[|....V....A.P..,.._.Kh.0.8&..cx.FEf^....5.g.kU.Q0.t.5..n|P.N..#......1.y..0....e..h.C..O7_D.ukC*J.5^\.4~..%GmU .b ;az]o.Z.O$.....S.G.?c&n....^My.......~....ZW.R.u.....s...}....t#..........x..''...?...go......;.v.....U.....x6i.k...^...b.`...%..8..Y'..q..q..|......_....9t......(y...c...S.].....ag...A.*.....C..c....<N.u..&.l{M...+.."..?F..63.....0O.=G........3....AD...*.........!...X......D=*]`!DJ.s.Ck......AO+.W8..Y.-K&..!...'I]..u.s.A...:E*.er.(...M.S.+..n.....{8.IE.....,"v.....c......B...mo5Lpx..^h..1"^9.".<+:F.d...sV...R...-p..>..k| ..,.E....I....i..Mo.`}"bEX.........:.a....;8......Bm..g.&A3.lS......@..(C...J.HsB.j,.b..J.X,e6..+[..:...8M....W.<..NJ..O....~*./Bp.."..n.2.......P.@..~........~........~...pA..yYO.f[........1......t....v^.$...O. MY.Yu..&..y.ZZ.y<._..#......xz.'j.]..I2s..7.%{.4zz?. .......z2b.TM.p.,&........Z..>QX...@B....0h.(7.....J.........t...~....x;..^v...<.....;E.<..A<.6.f.E>.`.}..6.|`kM$@..9.gU......vy...X31
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8427
                                                                                                                                                                      Entropy (8bit):7.9768148883325765
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:cUuHCnfuL2/FzRls5eMVd8/bNVHGml45PiutgcmbyvXsNBH:cUus2adI5v8nRaPoGvXGH
                                                                                                                                                                      MD5:7CF313CD4442110A356DAF2286E61E83
                                                                                                                                                                      SHA1:3CDDF2C51F1710F96CB7905F1E58A656BEA37B67
                                                                                                                                                                      SHA-256:BF571F833F96ABCA79C3AE90EAD0CA2ED9974178454A7AE8F54609C4914708C7
                                                                                                                                                                      SHA-512:5826F9562FCDF774AB596390AB10F166CB3906AF7EFE9A926BCA12322D5418F29A9DD00F9454EECC130E807669F27FDAC7F1B6E3A0A2A5E59958017D9A2EE65C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.w..]..%......@@...F#Ql.{..c.9...NO..#\.u.....)?....Q.c......3..M..;.~.^?.X.*.S.....D.4\[..!O.BO.|j&..u,..(.Y..t.\.V....v....._.6...-.}.ZF.].._Fo...@P.'...D.w...E::\j...#.n.`.N&...4....%i.-*G.U..p.DQ....\..8.....M..d..A.CZ.WB...&...bf.5..&./...G...R.C..\.E3.. x........KJ...Lt........qg..?!..m. .Y:...*..3.C'.......f...'.j..`..w..\9....i.^.6...W.M...n...."(.q.&......e.l..4.....cc.T.U.e..f...E...v.E....\...[....GpV......h.4.q.Dvk..i.c..7..B:.6.....s"Q.;....-l./.Q........?.....cR.{i~....r(...:|....h.yn>J.1.Wx...B..l....j.y..5...../.*8.0..).l..~...o`......|.'.{?$.......5....%=.K.R.5/.B|..|-.;..=p..6.X..4..SM.Y.`...;..2.B.F..).Y..J....e.].):.......Z"..o...4.'.h|.T..+<i..>.N.].9^.N?..!!4...?~`k...~.#Y.....sn.%...\.(.gP.........k.I.keH.p6K..X0.E].!a.q......sw..L|j.A....z......U..*...H.r4f6...\C.....iD<..D...H..qS.&<...{...?.#."/.%-..c.*R..(..H.<YQ..t....q.:.!....\...-..NM.tA..>:b=..d...h..0L....BH.xw.5+.,[.\.\.a...8=.g...4'YF..`...&.l.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8435
                                                                                                                                                                      Entropy (8bit):7.975915262237122
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:RRjAgihEQZM2XTVWOKoVyI0TQAR8aUpInMDBizU+Q3xscpSnqZ:zE3YIkOpVyQUipU9zU+QBscuqZ
                                                                                                                                                                      MD5:A8B96EB08C5D78033BBCEB5185BC6E8A
                                                                                                                                                                      SHA1:B96C6FF2E1A8D01135B5789F9DA77645946BD63B
                                                                                                                                                                      SHA-256:91CB587D1EE1F24B9015C442B5C30EC0B3C0B453C5E6A7A2372FD9672BD4F462
                                                                                                                                                                      SHA-512:4EBBBDC87AD0CD30503C9DD140A00A8FF7E9A5814F256DE5EDA0581FE86760A7537BC922FE1333D459E765B6EAFEF72861712A29B267B1D1076299D665DD5923
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..(a......g[..!lm3/...n...%/.H.6..............S(.....&Jl ...)..0...~....G....W.5[.|....p.f:..K.B..[.Z....D.Bh.z`xCo..".yav.&>D....{.t...&..-:.`.)&...O.l#..Sp`.h...n.....E...y%e$i...h...N...[.k.......D7va0.ab=!..od......2K}.U.$)6....T.Rj..$.).)f...*...U......{/..:.X_w.vk!...V[.+.xE.....].....XR...(.9:..N."..........r\'.v.A;h....G.......>B|~>!T..@J.%..Gj.......4.%....g...h..l.X..y.l)E2...._.R.T.]z.c.Q....P.I..o.,.?.Z4...z..fD.i.%Z.%......-...{C..cc...-. ..1......sJ.,.G....s'..Q.?..G...a)MRI*.nt..".Q9d...r.Ne.%..R6;..X0.c..d...9...za.S.......]K.^..A........Ln....&...j...Cu.../[..4].c..x..r..<..b..yA....'Me!..`R]..Gu0=%.`5....o.U..A.....|..5..Y..pr.`..Z...o:.@...n>/"#!.n...s.,./..5J.E..}.3...z&.........6..MZd.i.}.y'2}u..ZO~.r..8D.4oN.]MXw.bq.......W]f.~Q..\v.y.R....<.`/T..*...q.7....Zf...Z..K.F..e....)`..xhh....H..v..^.l<.:4.....D..Y7..){V_..`.v..?.Ni..P.M...n.n*+1sH(.....b9JcF$. El88s|..T...w~S.{..>..."..*...H........|{.<....5."c.E..t....d.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.975658891332125
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:P6ZfUmBkwdNzuoZ7Lfo7xlZ9mGu33Mat/3TsCGL6435JGJMY:SZfUsTzuog8PMsPLoR3dY
                                                                                                                                                                      MD5:60394A9D6A0627727D851DCF603631A1
                                                                                                                                                                      SHA1:40085B1909CCD7698270AEA6373291CB6169FB58
                                                                                                                                                                      SHA-256:AD132B9AF38A2E065559FCE4EF727FFC94B03008040B8D48F2A25EA457AD8D65
                                                                                                                                                                      SHA-512:BE39E6469A1E003DF9721999FA329FE4ACC8ED1F0F3ED350A5CEDDD2B759E22138E4F09F2B38A2A5D7886465604AEB035CE05372FA833B6F64217CEA6949EB90
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....P<..w......i.R(....<.s...*h..F..pI.|...,C......;{.....S._a...n.(...Z.>...k*..le...*k...Y-._.-z..".I......_k+y....g.\Bym/.a>...>....9.....>;A2[R...wc..Nx.....$.T..:...s1........wB-..#$..=m..).d...d..,....1J...0Ay.....O.n.r.W..U...0....:7...!8Z....~.A..OHL{.M.m....c...#...#t`..{.<.,&..{..@......YC...q|.}.7..%.c..E..e/Uv]d.#O!u..0.`....A/..@w...tt..xI9.WIN..*.Z.-.G^..2...W..q.h.0...Is3..'j..`.}..S..7W...X..cQa.&e=........t..=...b..v.@..4 .}T..3...X.b.*-(.x:Tc..7..d.p...A... .Q.xE.am..d.....~...=.,.......]...].HO..q.r./...._.2_uw_..n.^.7.Z...Q..^.......<.l..b.$.kU.f9...T.. ~....k(.~d.k.R.p.A.|.j..h#.J..K..#3.vq..8..|..h3../.s..CR..8.?P.pM#.....1S.....n.+.mO.o...I...<D..3....[.O..K|.hz.%.UV..H...+0h.EI...-U.......M..WjA/k.9..Kb\...r}..xL1.?.C.K..L^..B..v....3.&c..T...9..L.....Q....m@`v"Xg....J....vh.....-......t...... .,7.. .b...la....4.N.nj..=..?#.........fu.#._..}...k.-E..f.....Wm|.J....}7.1...F|#U...sG{$.....z\...f.4.x.K..wj.M...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:OpenPGP Public Key
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.976862021436904
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:tHmLIr80YDny9IGtqn2163AKKNzUmhEwAWy:tHpovDnIImqnY63lKNzUm6wpy
                                                                                                                                                                      MD5:1030E547185E9249397B1DCB1A8F7514
                                                                                                                                                                      SHA1:DA59DDACFA7CE250D8CE66657B1D8DB581A20EA9
                                                                                                                                                                      SHA-256:275B61A010AA0EC76469EA228BD7CB8994A1C12FDABE4D3BA516584CC20FB5FB
                                                                                                                                                                      SHA-512:B33DABA756AF4C9BBA72FF3B829240535355B3FA9E869B02520ED04698882D4F5BF172E95383AE0B1370475CCE4098F9BB9E4481D00B4B4AEFDB3CAECC901B4D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.......:.M?1....ILu....}\D...B...T....\.%x....NE..q.xM......V.u...A.}k.....yx.R..*...YC~....Q.U_............k........'..a...-oXo.....7(hI.x .......`..5..(A..Oy.1..T..21J.?.)+[..&.t&.6.....1..osM.%c.w..:A...:D...gm....pM.t..........l$..b.b.yS.A.OF.....Z.m..M..E$E....m...k=..&'.{.|.T..X<-\.K...u.sR+......lKy.W...q.oo-.0.....~.`...0BkN.L.T...r.......'...F..K..TO.+......`.B4Y.p6.p......N..y.K>.-.........9..j.+..w.h)Z...>L...J:.7...@.*K...Xm.R....d/i.....KC...(.S.R1M.m.N>3....>s-..!h....T."...&x.)K.$.d.o...d.rF.2....q...L.B..h...._..~.nt........)vRh.hF.... K.Y.S..e:.......KC.S..w...2"....(.t>x...u.b.:.....@./-;@J....;.#:..%;....~.#dQ.C"}2.f.....T.-r'.p?...aR..*.._.&.j.a..wM....gn..%k...RG~..Al...~..7.DR.)!.Pq.]..}.`..!Q...m..^3=...l.EUb/.....>..{..@...b....l5|........TdH!:..#e.a.....^.....n2$FJw.\..u....z...ZN$D..-.y.=.$...."R.5.......~.fW..eO..3....(+..P.K..;...)t....J.oF...?j..(...vOOu._S..|%...........* ......8.....^Kt....-
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.977583986711891
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:+27D+Vv9BuE+vHz+NmmkCnZfEw+p1D1/6VKH8dQM9U/4qn52h:+27CuEIHSrxfYpTHz4qn52h
                                                                                                                                                                      MD5:972642B13E7C732672AA0C3E3327DCCF
                                                                                                                                                                      SHA1:BF8710B597E11C3B43B90E79009CAFDBFD347513
                                                                                                                                                                      SHA-256:CA62385180E4CE7A15B3F574BF02A786984E10BBEA5445FFC29E95B19CB49B0A
                                                                                                                                                                      SHA-512:D4C78221EBF7D06C58A2F20E53C6522A562FC149C2D43F60C580862CF48ABAD07DE35BEC770162EF6F8E6BD328C1852328918F29EFE70C5CFC158CFD56120D64
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....dHy_...jN.M.fa*...X. .W..~.(..~7.Wuf?.X.~.q.......Z+t.{.. X.......`...8w..wU...cv..~.A-...T.G.`.....'...O...k.s.C....6b:?...G2.....].m.....W....{...jU.#.....}...........W.....<>;%.}7A.r..}..d..b.Sk..lf<....i..G..Q.5......o.*.....6.....V..s.....<=f....}..z=.%......@'L.-.....T.*x.S-+1\...pJ.K.....0..Wn'........m.q)..D......#.....0.._k...S.....).0..7.EH.*.].A......m.2..w.... ,.-.e..... .Y.. ...JV...y54..U.^.}...d7<.\B.]...f...<....)}f|..m.J.....u|,1..f;d..[...^.0.........T:..|...,.ogYJ..<5.{.._...>.W..~..wz.6.//..k+:u<.M...D....G..H0?...q..g.....:p#....ti.K)..>n...5....=R*p.}[..-?e.t..c..`[..t..&9.5j~..o...cAIs......TK.\.:.$.|S...(.>...<^._q.*=D....z....`.%.r..XWp....g3!s.^.MZ.G.......p..lkSD7{."x.......Wq.....!..^`.D?............'$Z.'IIj^....Fj{A.K..s.Z.^h`....F....H....1....PYN...j.\.A.&.*..wEUBE..3|.B..F..f.....tE-Q....L...t....T...?..sMO..#.*..l....,]......'a9.s.3.....J.~......g...O...$..0.........i....%,..B.@+ .5B...8..j.e0.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2714
                                                                                                                                                                      Entropy (8bit):7.929777421616666
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:G36xk/0W48wXkcnGohjRRwj8gx3qhzUKSRAc6Z9Jl+CQtTtre:4ov8wXkcnGijzwDx3OSRAr9Jl+CQtTtq
                                                                                                                                                                      MD5:B25B543C988B934165660E77D6B2F1E9
                                                                                                                                                                      SHA1:C6A96EB47BAA6289124DB98640D909B185607CCB
                                                                                                                                                                      SHA-256:91FDE27C99111BBF0690F011711E2406D6E8C6C034FD8314FEE5D77B5B04BB31
                                                                                                                                                                      SHA-512:D76FEB3598F2FD5A07A44F431BCCDBB3077095C99992E8D2EE97EDF98F78642CD7638798ED6A9EAD724C7C069CB1DBB1F50500EF9DA153CCE94694F78FA7E393
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.s.p.......5}..Z...kdbGQ..J..D0.....(U.V.o.k.........k..Z.q.c.......o *Dk`P.<.W.....W...V..2.95...4._..3.\/2...p...K..4..?...~l........!.I.z......#c^[K..$...l.#L%.....i..u/5.7SF.Z.].}...t.?L]...>.IG..tH.w..|'..*..'..'...Jmy.p..g...#...U<.........=..._..F.....2KS.X.\...../..N..R...V...3....tI.h.........^.z.^.&.A :..*.a.6P..\6....j<...o.u.L....p............T._f.$d...2.%.[.,.WH..0$..jj....H.,.:.4]A........Y.Wf..nl^ (.............q5....O..)^....#QZ..+.......d.$.!......io lu.(...>....'..)..P...".....:.Q..3C..tW.(......pMP\X'.b..IK....O..J.H..3.$.HO...x..xA....S..W..[.z.%z.\IN..b...s..W...r.1_vs..j@..9.P...k..6V...o.w.....G`8..}I>G...hX.nG.`..vtpE.`..[3..*{H.....`......aF.mba...l.:...:R.]9Jq-.S....{.+P...4:t.(y....1...XD...).....O..S..N.{AG....q.......r.w.:.D`.H;...".`f... B....H..5..L....S8..M-|.&.Q.y...`...R..~B.....I.^...y`.Q_.8..v..&...~1H..+.]..(.K.}f..r.9..qe,..7..ilqhg...Tg{.:.4.0...X.......w..+...S.h.n..%.K..teX.W. ?..%a...u
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2033
                                                                                                                                                                      Entropy (8bit):7.9219526759919
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:tDhXes5b7cptT7RvkSUsRyAbRotFwPWuBlI7stMlcOTLZx6nXVVZ7YpFKeU/gCRO:phuCbEtisdM0JBlI7GMlcO2Zxftre
                                                                                                                                                                      MD5:3A938CCCC08B939F251EB2F139ECA8F0
                                                                                                                                                                      SHA1:2D100E95069681C19DA543D4C9496B5348121994
                                                                                                                                                                      SHA-256:B49B17DA490E7492547242EB34FD7A53AF8F1F0E6BACEB91ABDB3D50C3C5C614
                                                                                                                                                                      SHA-512:B135851B6640621EF10676812C25BE7591681E26EC8552DF3DA01D0ABD7EEF6CEFB7BB160E95E90203DC9282638FCEF97479B7EC23D8511C54BB8B1D5758452E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:MP.E~P.[....j...D...|.:../....c.R.?..m.P....7v..\jX.i.9..........G....)_..R.a...+..t.S.>...L.......I...t.Y.....J*...8./.bx.?.@..B.8.....m..{.l ..4.:../d... .+.a..A..[../....o.:\..=...(.&...x....v7...J..X.|:.....#6...,.B.M.........P.Gk=.{c).v.h.....'.(..~....^...!......]T..4.<.|O6..s..n.3.../..........(........e!..1.W.d.Q.U..S3.n%F..~.....8..5.d.r.2...b...\.<...w..)....k.:.O.69..../Nh'.S......1.t.p.HlO......m...9..R..3.Qt.5.De8 ...x.....,z.+:.N.....2.....'...@|l..E.O.(..4..oo.....T.\"...>.7.......b.Q.+...(.Jl....s..'..."(y.[2..9%-@0kO2..Z5...?Aq.Z.an...a&o.R.l..s..(n..L.\.8.....z.-.oy1........[..S.....g.u..^.]....J.....]w.|\..7Z..o...J..`.E......_._......."..K.G-1..\M88y..N/...#.>Q.Pq!.*.QTi U<...........>f..O...I.T.....]J.u,..QH..*.....i.h.F.^..C.. ...*)..~.?.H07...x....P.}!Z..N.1.Q..+..oQ.....j..g+......g......7...._=+...X\.t.o..f..zY>i....|r..tc..S..UJk..%.}jlRl2_._.Q...r=V...7n.ZB4,-.....*Q..-............LwhT.$s1.b......,.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2031
                                                                                                                                                                      Entropy (8bit):7.894499138465051
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:BpkWeRQo3xn9/0b9ZTBQpCaOHZ4MqyeMBPHtre:zk3RN3xn9cn2pCxSMqyeStre
                                                                                                                                                                      MD5:B01C46952B1362DF6DC68006F938FD84
                                                                                                                                                                      SHA1:F98936968B431ECB76A193E7E8C423C175926E9A
                                                                                                                                                                      SHA-256:8E455CE8D5A9B36B613750776B0C633B55AD5DED76A854F9269C204C6419B663
                                                                                                                                                                      SHA-512:40D6353DDCF844E5AF848279D60BE826153F94E437456B12225BEC704C1C737F38FB6F4BD19852696A5A9FA75D6B0D9527FC7E7D3FF5E8FD9D072E4306B024E8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.P.x.*....C)EFj.!^vx.....)Z5..=@.9D......z...u?./.x...f.~/bf.@..=..S.......A......3.j.1.A.....3B...L...Vw.Y..\........-S8Zr.....L3...=.....0.g_zv!&..;...N..V.F.d....9..b!.......x......m...2..B5.....E..ut......Wy.cc.:!....@..........O.rZ.....-.[.X.h..H....t..G...J..V...........^.%...C>^....5...:..?...F...3sd.*...>o.ig....DON.}....(.x.UGx......K_.WZS]...B.iqT...........B.tf.f.1(=R.5=3Y.%.2....O..]..qS.k.x.+4\rC..L......OE..D..'..*..naz....WSd......R..-.......4...z..$+...x?2k:.m|.^..).......cRPQ....uX...T..n0.\. h.q.+...P...$.....\......aH.2/.&c...t.....M.@.s......._...o'.k.S............s.D.$F...Ii..6.h..f../.."n.....D...%@[..2../.w^..lmu....n...-...0.._.o}1....3..,Z!..ci....0).........C<....%...P..W....N..t.4@*.f.q..NE..S_GQ.]V...n.@......Y`t.0.....E...iMVn..=e.Y+).....g><..*...R{.Iy..u..j"...Z.<.8.+..........(...u......./..q..P+...{. ...E.......f...*.A..=....T.Ziy.RW.....`....I#..N.M-..'.M]...4.ko.."L.'..:....G`./[........ixq'G.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2035
                                                                                                                                                                      Entropy (8bit):7.911606779711578
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:6VWrKqZyBGpL6NuFNvrOWtVbimC9Z3q4fNfeL2uk40L8y0wgtre:6Mp8BGF6NuFNvrOJZ31NfmpE78tre
                                                                                                                                                                      MD5:A86A44C89A0444B11AB8F271626E293C
                                                                                                                                                                      SHA1:FCB1E372EE3E6496593932CBC6BF2615084BF225
                                                                                                                                                                      SHA-256:6091726EF2E3F01AE268D31A869F224637FEBE20415A5F94888D74736C4A747D
                                                                                                                                                                      SHA-512:4E0010E6DBD437969C31DB6BB5DA2CE03D7619F5F567089E38F4CA25920C1195C473C63328A13369C23061D43A1CC1D4F869E9D6058DAE1EB0C17CF275716F27
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:B.]......*U.:V'.).X.Z2.e..hU.uI.8jI'.......-....m5......j.wf,....Y....I.....a..?...eWY...........t.z<i..U<:....g.7e.R.}{r1.P.......S.._..f..Q..".t....*.."..,..m.ZKs.....g..*y.;..y..L.^..~i.."\.d...T..N.J.......M..3.....n..vX.uY....y..K.8..6.;..%.&....i.x...d....$oU?h.u...u..l.8.....m.|tL..Ns._..1^'.K..E*..h7}K..Y.3.......h.v..(..cwy.)23x...c<.%<..[e...J.....=.I..Cx..........?. .y.....l\.9....b..v.rk...W.5...H..O.....:....S|6...|...V...K..T:....S...6peI...M.....*m.z..Z...D\.......7c.Q..0..y.....R...V..}.EE..b...W....d..C]b.....x...s-....,T..q...'..5k.....^.6.....BWz9......-..........Q.....2...i.5.....r..t!..".t...+.....)...L...$.za.....o)..k.7..\...OQ;...z.t.P .WJ=M...t.e.d..2~J..q6....B;.e.,J&....5L.,o[.X.q.....p..m.Iy..`...mj.....Q..........y.A.>Ru...'p...Jv.l.n.z.s."..tHszb.+...f.x<.,..Eu.....}...y..K.....[nlAuW........<(i.|..w$ho.y...{..,.YJ....0..2..R1w.}....M...=[FM.Y.u..)..`.R....G-f......Gc...(b..b^jc..+.Ks.:...H.a.{D..G!....u...y...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8152
                                                                                                                                                                      Entropy (8bit):7.976246390592779
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:EWPLWXxJQR6frBQ82xb149ylFJLBbcWzMKLOnIJXm3:EuWXxaR6282DFl/dLlJXK
                                                                                                                                                                      MD5:0C4B9AEC9EA8FE3BA29B7B4B448C34B6
                                                                                                                                                                      SHA1:39DAC121913F7D6769F547FF97C08E0356BED90B
                                                                                                                                                                      SHA-256:90D8E622E4264ABC1304E61C458DF498ACE6FD826D43A84A6E9845E462DDCCB3
                                                                                                                                                                      SHA-512:0F1494452ED33062164FF3FB63573AA8B680124D8C288B36BA6EF98B0033E49F1EF98190E0F91D58016AC35CFFBF4FA8B4252D9DE6B78B17F096255757A36EF2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:Zd/...iX....WMi[...4NK.<[...9-.......:.+.g......f.....5....=;k...ZN=.....Z.Q?..w..V....#..4.'^..t5n...}5.LLx..3.7_m.r..l=T.....7...7B.*6...X%".2..n.../>Y@P..&..Z2.[.$?.~.6O?....G.|9\...!...*.XAx8o....M.k.yG..L.......2......1..J..g..c].5.7......T>.M.D.3.6...8.h.Bh.^.!.kl.u..!..`ML.Q....C....f\p.{}.....3>.X.\ti.f.G..^.5..'&.}&...xz...0+.9F.^......=..H.7.N[..N.....M...-......b,.i3...@.Y.A......#.....l9..........7P6.........f.n.....;...j.+...Ph..w.$QRw.h..|...s...1..!......0.0...*+8..^..@6B.m.g5.A.....S?.tP.W.]...K..j2..`.u.g|}.,.XDsg...Q.j..0.\.c}....m.......V...z..Z7..o;i..Z...T[I.v.e.kX..U...?G.pT^....q....7..Y"Pq...._g.K...%.m.K.g."..t.-..;A7.e..~...*..0.L.kc...a..p/8.C_oh./......Xtw).S.|.s..F1Zy..X-....5...;A|A.)..l.W...Vj.F............."T.S..J./B...4L..iA.)q...a.5.5.......oU............~...ws...-.u.>n..l......%.k...._\.".&....'e}.e.D.@...PN[...W@/...~u-..xvh.....a..8q.....ts7....w.Se....i\.8WT.%.k.@...~s.+..t. ..l..a.z.~...-.L.j.....C...;...J
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):38136
                                                                                                                                                                      Entropy (8bit):7.995638780653245
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:6uJrkliQp/Vh4IlGCmLuGHS+aDlX8gcO6Fnr+wMImq+tqyLFW4A15vktPUSu:xJrsViI4CcuGHSplM44KwL6W7ktMSu
                                                                                                                                                                      MD5:6DD19676036ECC7D1860105F267F23DA
                                                                                                                                                                      SHA1:F9203C16B382C607A3A3D978BC31EBA5D7A3B051
                                                                                                                                                                      SHA-256:FE6CD9AC00303596F79E4604B53EAC222CFFF2A37EE78F07273A43857E8CDFF8
                                                                                                                                                                      SHA-512:BF5FC543311F1E3BDD88B2BC5CB378CFB06A66E487C5C37B334F67EC7208D68DE79476F7E7800145C7281560E1A6435A801686969953C99D312E9855E37B5083
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:...]aX..../N=.o.....I.......y....n.p...g.z.'a....0..\...l..{D...y.r*(.]-.I../.j./.y..b.&.q.=.i.....H.I.6j;.v......AM,o.Y(...qd....X_{}D.e..Z.q..OM..:..m."..#.:f..yk..}}L........w...2{....6......N..{.._...K....f.J...m...F...*....+..;{....1P..[..0.5\....*...m..Q........O.$...Q6_.,[|$...S:&..R.+...Uh.y..QRA9..gV.jm..&.;.<q..^h.......c.e0...<D7..Na.....IK.^..$-....,...?v...<(.ti%.o...o.P .qX.i$#EO......K ..Sp2k.O/.z.Ka..B....(..n{*z..f........<.....#^..l..!.&?..D?.RP...).&...P.....33$."...i.KL.#.q.xv...w.0.i.w...'..H.X.y...FOH..w..s.].`........-..Y.U..+*.~.U.7.L. B...v.-....w..5..z.._..&."q.X..G.C'........J..GC.I.....7.%...K2,.....7>.^.dP,s.......ME~..Ei..........U...pF.S.2.T....Dm...~+.....H.......Y.....=..........Y3...)..c..;G...0...:p.y`...".<.r.~,<..:.4.E..*..a;.#..Y..[KV....H7.tc...'E..\S.O~M9ZcZB..h*`t.....#.*d....z...~.!..=..!.5.....Z!...d.LY{.....u..M.<..n..O"H..$.~..`.I,......f.N...H..{.1L..T.......Ok..#..n2.T1s6.>.@.=.m......
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):38413
                                                                                                                                                                      Entropy (8bit):7.995942386888677
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:zbieFYOBajgzcV9QrUmHtiDYBIFeTGg90Ia1ngHlXCIyRfUatH26j:fVFYjgwV9QTHticBIIR0N6HJCI8Ur6j
                                                                                                                                                                      MD5:C97F570B3FF1248EBFC75E96BAAB4191
                                                                                                                                                                      SHA1:2A0BA0204EA0AFC1DF47940950686B18623ABDED
                                                                                                                                                                      SHA-256:5B4E49B8B282EA4E6A4D387DAB8652178250DA8C97AB2710423C77232CC6D752
                                                                                                                                                                      SHA-512:B162A220F3BCF3927EA6D5826B4C52E41067B81AB0F1C107C28D1189578C3531A046A75D7C38D1AF059743B8F9438508B6ABAFC386EDB07FF907A5B1B546A39D
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:X..7............TY...F*.`..)i...f-.q.f,..;..=.....M...x.z+;=.........(=@......"......c..ZN).l.$[..xf.....%..5../8b..F..^.K..7.t......;...d.........1.v.g..b..~gf..(>.u....f..D.....2....f.d^.f.......t....I2..%.v...A......h.`..a.c...c...l....D...6..XEg<..[.Q....`.....X.L....0..i...8a.f...a......UUW./....ix.|....Brd.{...1S.N@.1^6...%.=C......~.Yy............].S8...R..(W........s...H.r...'#.JT2..x...A'...|.?v.V......H.....6....;>/X.t..,.D$...............paEvK..Kd...:;?C.....|^.(.Y.l....1....`1..u....T..O..;....Ku{.Q.P.A.=....).b.].4..L8.p\..^.s\0&.....{..Ld....Pl...Z]...s*..=Wjv.s...J...,:.8.n...t.o..:0V\*.S....3.(.....]..`..vQ.V!.....g.t~sf.?...W.P.fK....^......a.Y...o.|t..+.V\..m.......D.....w..:.].z.u.d...b.s..g.yV.5.K...28>.0q@?<s........&d....w.W#..nqf.3.y[h..c..O../n...4M.*c>x ..=..q.WX.,`p@..B..f.#.X.........Q...;M.H5.U5...&..\....}..}+tN.p.G..$....B.W.G.B..=.nMOl....zX..."0..Jo...A...8./F..Y.W..O...:......|q.u.j.c.....I..`..V%.C~.A...]+..k
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4866
                                                                                                                                                                      Entropy (8bit):7.9685434018540855
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:q/PIHyYyXiAhFYI/lTykYZgQAtKH4DtJK3Fg7QwuBH75CJ2oKDwHZKTTtre:q/jlXiA0I/lTIZJN4De1g7uBHNokw5/
                                                                                                                                                                      MD5:92597153AC6F7690BEEE61E323701CDD
                                                                                                                                                                      SHA1:8186BEB07488E1819CF74645886BB60AC18201ED
                                                                                                                                                                      SHA-256:2442CC0E94C15884110C2AA7B69FD87D03823D2DD7DE6FA20C0313FC75F5D60C
                                                                                                                                                                      SHA-512:C540CE7AADE361BD9205B523F06AD072353B48DA46A410041C0BDDB71E441EC9A6DFD8C6698A0D0C75C940FC1A1D3F79D8812B0130799C6A0E0ED909E7DE0DE7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...S$5..o.=.Y...F.5........+l..............I.......Ax=O.X..4..l$..".....u6....aa5.....Ce....@:.[~.{/c.T/.mR..ekG.....O..d[.s!..vD..B.....}N.}....7./.3.J...K.x..f.ixm.....Vh.6.Q.db#.V..m.3*.v.>.".._...........~(..1..xA..g.r'.:e..O.+.\J..........#.G..l....e.)... y.$.ol.8..kEj.-.Q.]K..".8.).=.Q.".....[L .A..k......HQdUf.[&.5g|.HVG....L...0.._...~7'....#....Gm.G|,..#..<ex7.......gB[#.jMW"...$^..y...j..!h!-;_.'....g.$.............I....FblYT=...2....'-....JB..3].o.O..J...M.H}..2.|6#.S0/..\....i]..m}.6............L<.~.....c..H...t..$..}.0...B......}....`3....c.%Eq!..0)y..@...[.y...F.H....P.vB....}.u..)P...`..s8.'.....M}\..r......&h..G..%XE......>(\o*r....v*..K2.@.o.O.O.] w9..Q.....R.d0...D.r(~.......t.le...H.KV.Y~.7.Z..3...y.Gs.@..V.[.u.t...........s?.Y:.....M..tu}S..m.r...^...#W,.@.;.|...2..C.Y..V@`..z,...B.....|.}..R..0R.Q.;..[....~/....l."~../. }{....~+..._...*......../MX....M..gU..1.v...*..AV...D.+$.'.C...i_.-Y..J.........km./f.......W.&..F
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2032
                                                                                                                                                                      Entropy (8bit):7.9224982634111845
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:QUYm1QlMrqQcskXb14KO9xM2W3139adUWRnUmxJjTaKTtre:QUdQlZQc5ba/KCdUWFUWaytre
                                                                                                                                                                      MD5:0FC0EB4F48D689280124C6B134BD86F9
                                                                                                                                                                      SHA1:50166F99F77DF03EB5DEDE6FFA3332A9FFE9B425
                                                                                                                                                                      SHA-256:5827E56C0DD28ED92E8288026CEED77F0D79A33E13A1371025F1E805AB4C231C
                                                                                                                                                                      SHA-512:FA7D3FE52E5B7D9B47C8D3953FA8793D5C3CFD85D2F58AF112F8D8DDA78E520ADAF665C22B027FCAE0E43751E18EC890DE6AF4A5AB44DEFFD0B112861A90EA88
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:U..}^.v.rW.m..A....`.....v......`..P.f4..3....._.A...B......KiQl.:a?m;p.@f..#...si.}~...#..N.\..;.^=.^..,.A._8.*.{N.jP.."Ivm..g.......*..X].k...D.....S.xh.e.jk.......[....-..y...~.J._mz_..'M.6...... .+...b.1g.m.+..Z.Y&.f3.F...O.%.+C?s@......s.B.uQ.:.....j..S..U.....%. 5...AjB..8.&en..o.a.`....2.K,k..GGA..y`'$5z.kw.g.....E....8B._....Xv..*.d0...Q@.0#+z......X.hi..dN......0Co...6.._9..k.W..5...'..b6..b......g...Z(.c....^`.cS.....U..T..A.....F.t. ..A:....@..........D7.{.)....J...8.-.<n.......G..>.XGj..?0;o/.......E5.w8.C..fy..}..].......c..W..fug*i..(...'...).....C..KY...X...SO$.......R.,.0tq.t......}...6y#y9)v.t.m....oeKD3iF.p_.Q4.p&.X...Iq..O.-...e4.e.y}.m.?S.6%5V}PI){ms;.4....bPy....lE8J......d....."$d.J...%`..4tX1.....-...........JR~^.w..6.m.....Q.\.WC........x8,...|......Z..!::...J.D....)0.....$9..w.F..V.ECE#..k@.l.-.C.s......U.....t.#%.6.&...2....s..l....qcY..1.._...X2.T.-...#.?G...3.....F(./>.^cw.=.(..$.`.u..!2..P.(-.c..e...L>..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2033
                                                                                                                                                                      Entropy (8bit):7.912058026418493
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:q1RURxgk/7cb+psY7/TRn7MfKXNNaWO5x7l26sX28U4jatre:YRixg627YbSfcXs8681/jatre
                                                                                                                                                                      MD5:674A1F0DB62DF4126652DAE8F8B51A7A
                                                                                                                                                                      SHA1:73E5329414662917CF8F743922AD48F32DD25D65
                                                                                                                                                                      SHA-256:D8C421BDFCCBABDE73F7FFD0CFC35A8C41F7DDCAA458741BB10BDCA1CE9A5DFB
                                                                                                                                                                      SHA-512:DD65F8E075F39BBB6B34A693A2E327B2B88D8A595B4A8AB0077246C8C12C2CE548B0C1B837BDE0727753A8DE766F3730D66D301E87D3B9791859DB372B04B5C2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...anFj..C..D..5..U)..b...[@X.|..~......-D..q4.t[)=.....J..U.......7Z.... {4@xi7bW.....&J....;B.*0.....Hh....R.g.........u..Z..V....,../....u... ...N.f....I.....l.Y.....o.s5.7~.Qk...i.t.G.%.4-..W.9}Gx...c...9.......|....;..!..0.8.. .g.....i.Z.'.1rS....Qv.y.5.w..U..jjn.....:.aZ....>.......0b.3....M...U..........{HA..../..B. .O|j&.........|%..:...b9.W..p.R.v..N[.jsn.y.C..^J...".tz..eG.;.8...9....h.dOT]O...L..D..<..k..`.]\.r.I........=...1q..z.Z8.C..K..U.....s.rX6|.........W.Jo..h..^..W<v......L.YtNb5-{.d...T.@.....\(ZeO.Ok...%f..AA..B)"..f...].@E......b!PaR=../.^.D{DSf.....E..;5.B.az........{.fLFn(.@wv......{.*[...Z.qn...s..'..Zk......[.L.Q.-R.S.G.X|.....v..{.zb8!.?.By.N.{..Xo..[..K....H).g..-.L...c..'..yK.)2...a..k.jA.....x.v.MvW.G.....s.UL...$.oJ.k...&..Ex.:......6.t..ilt..Q"B.7.i^d)&...'.....<{L......./..h..+.J.,C=F.1.f.........i..-.i...v.9..1..k.c4.......lV.(.\..`.f..?C<4.q...(/5../3....p..B.B.m..Rs..0..(...eX.....r.@....f......C.q..H.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2043
                                                                                                                                                                      Entropy (8bit):7.9129399999086605
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:i626HgD97a7VyD1BO8B6rXnQ4TXgrOpMtre:i6Oh+7VGBdWvItre
                                                                                                                                                                      MD5:4D252E9561B57F3A817C0252EAF64F11
                                                                                                                                                                      SHA1:99A1FFE4E78A531B8D101FC21A0973539D2909FC
                                                                                                                                                                      SHA-256:9719465ED9CCA391A50C3EF8B09D399CA718FDEDD2B164C36558DF2E18559DAE
                                                                                                                                                                      SHA-512:CCE55522DDC98F5513587E6C534F494A810C28ACFDF1C61D8AF19FD1CB4051220070440851BAD5EF2196AAEC053BB830074B45519ED3A76374532B1FA39A3A95
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.`.zUx...%E..o .{O... .B}l#...28.hVp.*....O.._im......(..D.\.....T.dHq1..2...AZ>.#....ov..hK|Y..Q...-...<Wt...C..7..D...;..9~.@....C.70W.....[f.]lH.J..l2..M.`......O.q.6..9S8b.# ..C....P@.x..<.[E....J.6!.\u./m.?c.....o..V@...8B8.5^.'q.Q.......5..].L.xo./.4~<.....J..?S.`.......K......}.a.O..x..&#.1.u.<K.;*}....;.{.7.........Y..-.8....6a.....j......].....7.P.9GS....,D_..S.r.w.<...........2.+....h%C...?.h...h..b:...R.D.....0......t.d......9..9.IQ.oMv.:.S.n^..............4iI..W_...v;..~J...jg..pF......*.....Vr..c..8+.,..f%.&.....V=.v.._...a..e+8M.m.Y...l...j...w..].n:*.....ym..j.L.!....k#...g.|!M"..m..X.h.#.;e..$...h....e[....*3)C..n...x...].w..Z.G4...[l'..(..c8q{..p...gj.9..@.n.........a...@..Z..t.;..!.&).......ia...U#.O.:.K..4..s.m.H...^N...).lcZB5I......C..?...... ..gQm.R.*..Z...C_..rku..l.]T.w).2.!.'..N/[T.....,.2r.Y9...em......v.. 3n1....v..6./A.q..l\)..;.<.i...v....V.#h.Fq?.Z.7}..aP..KQu...`@.e..?.}..........rr^.Pt./.^.!.5E......B..s..}n.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2046
                                                                                                                                                                      Entropy (8bit):7.8956685822768105
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:ag5L58tktHAq1DjwgWkhdf11dmO4g8WUNtre:aeL5OkFAcjFhZfwOh8zNtre
                                                                                                                                                                      MD5:F004FD00DDC5A2CDEE10C0CBD1C08F5F
                                                                                                                                                                      SHA1:FDB601B831EED487C0214C0169695AAAFA7DF27A
                                                                                                                                                                      SHA-256:ABB2BBDCD1EC3BF4D931C44A9BCCA5DB5037C5C03BCF57BE88C9662B1BD77936
                                                                                                                                                                      SHA-512:53ABE8B48930353E1B046D856BD0DCD361299B57573E1B2DECC7F72C77A6A30FF886B60D5B004AED19B271AFD4FCD06901C15C7C6CB33EE8006295C0E16D1D81
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.s...0..d...^,...n.F......A.n}~.X...._.OM...{...\....w..];....#...w..9 B.m<..2....*YR..]....e.R.U\....l....u..S.&......}+..^_...X6..,.L=s...}.x.A....6.......'.#.Keo.;{C._s.C|....Q...A..:E..A{....P2.6eB.`...xU.}.u..5.....o...y....w[t...g..,.X....P..I.Q..m ....|..V./.b.;..97f...Kj.5..Np.4...}....m..U^.b.:F....(...9.@.......H,.M...s0$.`vGR.`kqzr@-{..!.N.......N.E..y.Q(.k.q............U...r..'.o....D....^8...).5...%d..k...G*_.l..R...\...:.y...Hz...I.Y"..y.r..J...U...d...H^U..'..w..:iB..}.]...50...].A..i..a.j....+..E..{E.z..I..G0....A....9f.P..EK..=...<.0..g.TY..P.....c....)o..zp...v.G......Y.....Y.....\.p...U......|..g..'k.<u...M.# .<.....F"".........tM.7.../....<....d.1<.nA.N.ubr.{.c41.5...A.S.u=......xKFaY...n..F.@..p....b3.k...Z.H.....}....#^..1$4..r;.i.2..`...z?cV)...5.....L......M....q.w.f...M...Z..{..../,.G.....V....~,.P..YdWz...Y.I^..v_.........$.o.G....3......6.`/I.Y&}.^/...Y...':...!...4R9. _.R..w...<yEUr....>.....2.(.....]...9..~np.|r
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2042
                                                                                                                                                                      Entropy (8bit):7.912817662371928
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:FHwgJGz/R3/rx/ErFQz/080VfhE2jG2uM56b9Nazl2AUkGsNfJTX7YK60Jntre:hRsV3zxMm/05fE2jz5ENa5FpJTXUK60m
                                                                                                                                                                      MD5:AC246A881D561EA5E99FD6334DD66521
                                                                                                                                                                      SHA1:E7DF1075D1F26271F31BFC5340B8420FECB10035
                                                                                                                                                                      SHA-256:A2A3306009F2FC386E47390D91D3CF663D397999D8656E535BD3F422C322E529
                                                                                                                                                                      SHA-512:D23C1274AC5605F59FB556FB5C4AF2859BD6F300AD13EFC973E5B191C6C0F91AF14681E03FD65221648ED8AFAEC27E921B3A64BC3F8A3F4A25D32B7DC61EE95F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...~..u...tG....z..........peM....,...+.....I..{...+I..3......).....y~.w.].f/..g*Bv.5+...p.#7..R....L>Si.......;. .c \.dL....%O.B..n;...Zy)...#.T...&.81H...Xd.rV....4....c...ap.....&.6V\9.b%Eb..L..3.h.y..n."..h;...csm@.f4.!.o..V.....?.fx...P+.h~>d.f0e.a....r...v..J.4.k.....q<...;. "...F.:.U..JJS<1......j.l.=..3W..i...vi.N>(6.h.a.f.a...%...b..+..e2.\2'......f....ag_.8c.f.'(w....@...t.ns(M..../..h...A..d.>.....nPss.C...4v...b..G.6..K.p.wqf6R|...N...,a..-.t..\S&'.F7.D~....o....v....auT..L.(....?.c..W..f..3..JW.EI..[\.i.f.Z;.M.W.Eo..pj...x...C.p.t7M.^+Q..>...X..[..q{~.i./x...&.i*.%...K.3X..5..F...O7.}eR...e...'..V.#..S..|....&..w.<....J.J..hc.d..:n....=j."svRF5.3u.%....#^..i.H....V6..3..|J)A4...~9.*..:v..RI'....A.0-b..?vR.....h.)R..r./.j.4.v..d...b....U..qd>..d....E?..x.y..8)J..m....!.V]=D.....es..31>.Y.uj..._uBWt..F........[..A....,..$.........qy.on2.2{.R.S.T.9..>b.A-.v.~v!....t.u.,ld4....-1.6".^.v...82k~.5Y.1..e$....~Q0+......V._.x......!18
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2043
                                                                                                                                                                      Entropy (8bit):7.912347789850064
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:/sgaeHhoL8ZV8Ro+AJb9RmVeaQgYo3zCxwUibLEdS3+Uptre:0gaeKLmV8RvAJb9RmAaa6owUibLEdSJU
                                                                                                                                                                      MD5:E64AB5C7AE267A4995D80D6050FF7C26
                                                                                                                                                                      SHA1:940C1F6BD9FF7C3F33078E1833E1E51E96FA7E84
                                                                                                                                                                      SHA-256:45A7700D7A45F537220AD52D787CA68A9C5BB471D2419B2A3236D564AB6BAC6C
                                                                                                                                                                      SHA-512:EDFB3AB8E4AD4C616CEB4BB1A40D479FCC8E4D91B028DFE451122C6EF888FAB2F768C41AB8F54E037FBDF39ED753EE96A930FB01F20F75FE080B622282FABBA2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:./......n..g......Pv...l..?..s...JA..V5.a.U3.N....D+..m.fj....k........S....9..T.|Z.vV......:.(...9xv%...-..(..p..C..jri...I...u~x..E=....W8.....{...P....{&a^....'....M.J.v..e..{..../1.X...'.ZU.Y.,.pJf..k.q.r7.......K.....'..9..o,.x..N.a....Q.s.!...v..26..~8.%).91..rF..&...z....t.h...ma.(.^.x.u..w......)..[.....I.(x....R....ZJS4.H/.....<...^.No........2dNb..8.8%.U..J..~..a..........-;.....Q.x..Dd.."....v..$..y...V+..A.X..po..I.^E{.W[;K...._......:.`. ..f..1......I..z..4......n{!.E.1...q/......c....)..*......av.eg{..c..Z...b....li...k>w$..X...bo|..|.../..Xd..........;....@..U.....+........'..v..]..."y....g..M...3..G.u.Z.N#y.,....ci.j.X9....r.....zk..{.....V:N...r....*....S....s]......Y..."....40W.!.2q.|%y....5<..-.c..u.9.6.J..FN..cE.W-..d...j...P.M.....=L...v...L....~..... I.}..N...R9.9$..7h.}k.k...T.2.&.....qc..Z..kG...<.,Q.......$h.:B.~9..7.6....6..?..5...2 .~.rV..Y.P.t82n.z.|F...n/.......D...kB...kz?..`..{rI.....L.b..$...".k...mY.B.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):262383
                                                                                                                                                                      Entropy (8bit):7.9993677652163875
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:y4QtYDPVUhd9f7YY6WTJ1gdXda2mIGIHDk+:jANhdJn6Wl+1TGKDr
                                                                                                                                                                      MD5:FD55E1F0B7B0D53C4B0FA0EC2217945F
                                                                                                                                                                      SHA1:F5AF47657D454EE8D468FD7E5BE9C3828E9A8C45
                                                                                                                                                                      SHA-256:57D363C2B8418862C4EA5CC68560FA33620B67A1514D2CDCDB810F1DF9D5D560
                                                                                                                                                                      SHA-512:CB5AAB25354376CA17BE47DEB61D74F6E7D11D3AD21B143C15A0AFCB3CDD26662787DE98644ABBAA7ABC90CF49FD2BF3F198AB19D67558492D68B47A782D8ACD
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:...C...)b'.+....$...j....ua..F}.r....^...e.......X.z.7:...uj#..9..C.Cy.6|....w...jz....#CXh.Q.].bh1|...@5.3..J.).|ct.. .=...._TU5..\.m..7o.p...c....h..3;.5.._-.mW}....../.Zs...U;....3.}...."<.5.....&X..c;........(.-.!.<..C.y.ma.Q.<.>.G.4.^aE.t..0.pF..D.zV........$O......Y..&.F.*.vm..P..........@.F.:.[6U.`.9....X..T....."..v.4Z.=:.o.u6.[...n...-...s..v...@Kk.........?/u.y..*.yrzY..o?.....X7...\.<.C\# Ta#5...b"_BnL...t.......".Y.^L......\.lMZ.:.kCW.rQ......V.x;;...zk./=..j..t}.k..2..W...3...i.:...zIJ......9...h.a.M7..b..`'.9<...E.b.;x.*C.2:...-...l..M}C.%!..P..D..........r.O...r:m(..n...p......H...4..yZ...h....x.0.T.r .x..V(..=.7vw..m%..M$...g!G......]......K....$.QM.Fv.@.8y(..<M..^.;....We.V.["...h.Rf.@s.e4.b.}/.....j0........x^.$C.....AwB.*J%y..r<#U.o.;.J.[j.......y.v..V.X.zD.....M.l..f<:=+.^..XH.../.".T.....!.'{us..0..e\.tp..i.q.S.."..........0.L.Fa.\5g.o.O.8.Z.'.Z..=;g......1.......%..sK[.k..........C.......T"'h..5c.5(...g...t9\U..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.978025799880116
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:W4c0DqGlV2wycsJpLcxwTHq4mG/vS+fhpYxpfunTFjZ7:8BGLvsJpLcxyrnS3xmTFZ7
                                                                                                                                                                      MD5:EDEC55322733B0938F8DB3C28A5D61A1
                                                                                                                                                                      SHA1:7C4F7AA70A977F2E57CB65B56121C86214C564D6
                                                                                                                                                                      SHA-256:E5079F50CEC86A271465C5507D813EFC9344462BEDAA20AF13621ED8CB8D9CC6
                                                                                                                                                                      SHA-512:111067AC8D986B470E94D2A53CE7557459ABB379778A2E47B5FFA784B722E811C940CC5B08071C65752613CABF1D22B2A06A05CF3F8717E02EAEEBBED2C830CE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.%..F...O.7.EQ.,...uQhGT..g..a.....F5.f...m.....@.g.A..#..x.fj).N.d....T.........O.y...s.....R.c&d..6@..L..tX,xSG.:....++.H.X.!..<@wGK...!&..q.o...F.|.5[..AhH.m3..A.....m..gx...E..E5.%.......H....sj.:.|)......5R..._{Q~'L.^N)..Sd.........K..t..I..oD..7.#p.n:'.....<D%.:/A..#..!]R..!9..E.S.:h.ih.V..=9........x+...:..p$..s."d..R$x...uY)^|.;..."..9..v"..f.y8.B.....0.-.Rk..5.)m,.....cY. ...j..|I..J`ul|.+.G.>..i..c.0..V..+..........^Ue...#.y... bP.&....,2...LQ...*.z,..L2'."..9...A.N...J.g^;.....Qi_..z5:..Y...>..(.4..t.ZES.i..{D<.\.S..._....O"#q.8.(j......|x..........p....c>[..s.&\I..EH.]X.H...s!$..Y.b...<....%.....n.......O....%..a,B0...<..}.:..O..jf$f...g.._.4....a{.....".9gm....[.........r.............x..m.Y.>u}....&.{...q..../..E5....H....}.....f....V.;/.G.*..".Z.....&..."$q.m.m..f..P.Y..Wm.9....8.E:..............I..TF....$?X...u.j.........q..h.j..Xt..I$0.T.yj...!t.Wo!.....w...]H*....2SpsIu..,...Q..=m../....Z.....+.r.=......_..[%x
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.978064840771466
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:M9iV0svlffDTlX1tNpuEujIt3nkh0knDQJ5ViTV94:6iV0s9frTNtpuFIc0oDEwTVm
                                                                                                                                                                      MD5:D401EFEA3A73285DD491DBC278E3C473
                                                                                                                                                                      SHA1:44AFE0B94C12136E62D815B99450105327B473FF
                                                                                                                                                                      SHA-256:75D6D6B0D6D48223CEEA5EA960A51A902B9D3E1A64603E2B7CB6C94EBFD7F8DB
                                                                                                                                                                      SHA-512:6BE45619D37046A365D89406AEF06640554EE111006E9D3113CBFEB6EA5691FA0B0E27B58856375647045A5A931995105450605A848E996C42F95D2F3FC82260
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..7.8....7.oi0........Q._..\......o........24..?...R..r....|.z.vUE?........^..5...b.^c...0.J.r...2.x.[..E.....U.TY2~..-..q.......z.4K.+.qE9.c.!s4.Q....u.S.$..6.6.6.o.k..b...6..=.\..:5;..2.{9...=..k.N.TF,. ...r@.u2.dF>m....y...w.M..Hf..m........deJ.....U...p...x@....bJ..._P..Mo.a].G'.3\v..~x..m[...:)<CUT.{..k.C;.e.....^.+I.eH.E.......-...r....c@.i.i.or.J7....1.q........Y....)..z.].a.....Od...Im)...."...P...m>d.8#.I...).js`_..h...0.i.....l..dF......=..<...6..<.._...!k..!...2f.G_^A....`.P..aCu.4.WF.Vz..8..Z.TpD....m.f.I...l".ej.E.....m..bq...1D+.Y....|..D...5...v..7...B.@..!xq....1....3.Q:%.'...T.yl.....*..O.M$LN.U.=.9...l?..D^j:..I->.0.&.e.@....8gY.|.v...K^&.7...q'..........=..9.....X../hKS?..9.Rj.V.$u4p.-........E].../P=.*...M{..u.~..f....x.d..X'..:....@U.N;g$3.=.)..m....Y.!...Y..kU.>XfV. D.?..?..'..7.$..k.]..aP.._..,Ih.-=.^..x1.QY...NY~....N......zH..E...3.uYI...~.g.....A9..eI.83V.sJ_.^..._.{...XGl...4.5.'..3V....M.....0A3.....N.. ....(D
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.977713234229077
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:ElmMt7NzZRo6oNRalFODEZD92RO9+/rAqweUD0YW:EEMt7P2olIEpgOY/IBW
                                                                                                                                                                      MD5:9B8448C058837BC84BCBAE1A8E65C622
                                                                                                                                                                      SHA1:E039A1F808EFCEC5079AFD756F101FF676CCFE4E
                                                                                                                                                                      SHA-256:85B0611AF5B47A0D47E4ACCC658925F6ACFC3017D2F693C663DA77B91D5B031F
                                                                                                                                                                      SHA-512:9636882022A20C00B1DCD5371991CBE4BC99BD796776ABAA5AEA2091ADC71EE6C398A50AFF30AA24A8FCF5EA944C005AE168DFD46CFCE99F981316EF01C72F5B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..>.Y.....LT;.\.(...<.y&..../.\a.Rh.k...".#. ........N..e.x..g'o..ut.VT.....K.N...^C.%E....W..Q...Q..=...D...%W...a.....6....'b....}'......w.u%...8....Y..M..N...|*.....8.e'......;l#....,.f.....F{"-R.~......s..d .c...c.o.....T;..."f#.%^......@..)TzT....L....kg..K..=s.b..........BD...p..E....Lj.I...j7..r....5ECB.H..Jq..TL...5K...M...O.h..9....]-..........A`>.p+V.c..c.....I$.D...oZ.epP.....}....b.;.....:.. .......Z...6.QB..O.E.#..&Q<.m.N..h...r.4........D.....1..G..-Q....r.......^.........r.X.`........#..3p3....@.........rC...../.2=..%z8..\.Y.YL.J..9 *<.....4...(.!.1Y$...y&.2P...X9Q...E\...A...G.R..t.K....<.....q;..p(..SB....[......H&..s...b..3.....C.T.%..........J<&@}.@.o.+.....WM....].cq..'...T.m.h^+.a.?....'.N...8W..|!..;..y../...$\...".<9.*V.9......i.i%....>..~...X...2......[...f.H}.q._:.}.#q....Y.i.'=..".9..nLc..:)..r.POe...]Lr.Wx..B..e.....p..z9\.,.......w..GbA3.PQ?.g).m...\.e.W).8.%..R..XvxN.t..<...4..|.+..L.i.=..E#.z.I...?;..F
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.978211925051583
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:2M1LECKIzxXbeonFTxjxeyyccoHkkOlgpuksX9TgSkGKX2cDv82E:2M1E8bnFTNycVEkk7kstEPJX2cDUV
                                                                                                                                                                      MD5:F2E0EE6EFE7D674DD12C29F13F506235
                                                                                                                                                                      SHA1:CE7B39C957E3CE72C9FE428A4A63E21139E5D26E
                                                                                                                                                                      SHA-256:B18AC50D895FEEE36AB44D54FFE6B2EC79592047B381FC5FADA63AB5FE5B885A
                                                                                                                                                                      SHA-512:6BEDC570DEE3C58B5A0E6D801E6C204D251B2F385A387DD9BCE0685BC7390F21B2B7906AA46121C9411B104582F78E64BB4AEF04F0E2E18DB8905B0897E1C50D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.2.pS.&.L3x.v.R.@..$....p.A^...e !W.q.d.o].w....;.v...e.oA.6....x..yO.._. ...T.q..><dS...R...B..;.(K,,[t..@.m.C..A.b~.6(....v.....(.U.en...oR.8V}S..k.>.."~e..m..3<.@bI....^.L..m.-....<..p.F...d...t....m`.8I.Ck..".j..h+....:..4.^z.J..qY-I.L5I.....`...dW...,.....SF.[.O.We~....|=$.`pJ..4.7.c..lL.8y.I...._......O.e..6\$.6h.Zn....^..a.qa.....C~....z7.h.2?(t.B..QP.....V..G...'h9.]F...<f....:..<... x':.!...%0.b..|..{....F.z.<.q.u.g....C./...T. ..(.)/.[C~.T+.o.\...eL.D.f...y./.t..k.....5...}j.Gz.....H...t..r...[..P...8>s.g.>.My_:9.I.6...y.d...U.U.....'D......M}R....u8.|]. ........4....LF......'....1.....rm.{.A`.eO5k....w.Wh.:.?.J.y^...@t][....5..%.t....,z.......&."..t..Qx.p.3.8....@..+...BffNY..F...z.b..A.~CWl.....!.A...%...Fb..9..(.?..>...l$q....7;...>%....M.%.O\...C.j.x..h...C.6........E..f.".......k.@B.J.i."..Ov.5.8..uY......JJ3V.y...L}4.~..e.Kj..........-..*\.a.s@...\....0.F.o.We..D...`"@8.F...-..0&.r.;7.2.. c........y..J.....,..5Y..!..]K.go.Y....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.978033683571528
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:Jlyp4gQJcMvAJf63YMaIKt3hisPxPghzg3c8gRDWPw9YS1+:Jl5Sxl6oMaIe3his5Czg3c8wSl
                                                                                                                                                                      MD5:54679B35E7F46722D6DF297BBA1FE8B6
                                                                                                                                                                      SHA1:04A67A82C094ED3C372DD24B01E4486573047A3B
                                                                                                                                                                      SHA-256:360AED7B6493B5B833C39C5F7F788A2A315B02EE5B63B7FF341EA589B564BA99
                                                                                                                                                                      SHA-512:0FC913490036CE7F52D87EFB10348032ACB56011D4B1B0DE579A8D51BC96A1C39FB8A2658AB4582D1DFA8907AF9DABF681186E2D1F80E13CA9B177AC6CB39D17
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..,..(=B<..L..?....[.'...>L.&)+...F.t.%i$.m..........D.....H.. ?pi9.S.|R"....p4X.^z[...).*e.T.F...0....h.E.../.[x..L...Y......9..R...Z..2?.q...>....."2qQ....&....U.v.3..f.+P.a.......L.n.9...?B.dI.d+..F.Z.I....... .8......7.bj.c.... ..>..........9' ......_..'H...0......zYkW..(....SQT....e4F.w....bH/.(.\...:.....mz.Q9...#9\@..$....#....4..}....;...d.E....Q.~. ...A.{.^.6...Z...w....j.4..H.s...N.a.........Am"#O.f., ......l.....QL....>...9..|.......G.m9..|.s......wo:............e.../.L<hs..Q.~l.\.e....OQ..8...0]..o_.U<.z..S.......3"M..e.nv.*...Mt....W...c......y.. .!.c..)2I8....w2.3..........U....=A..(...{.q].m2.u.>.L..q..K...T..1..3.%..{%.C..(I..._)..9z.a..lW].\f..f..{..d..y;..p.9.*.U...h./0_M.&.......N........g.....@..O.k..Y....GA..:".e..y.6.u..~...7.p..`X"pPY.......H.o...W.@0'cH....).n..gd.%..$@.._z...]....B:.......S....s..-._.....e(...@.M=.......8.:..'.8?....#..*%......E...9....c..z..Q...e.F.{Q".Y........(._...t.'..qm4tq......(#....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):33023
                                                                                                                                                                      Entropy (8bit):7.994041674309951
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:pwc4cOGQ8YgWAa0ineXypU0Ah49d18g8WHVLhdWh7xjtpR9f:qvGfYgW0GYypUhmj8gVWpxBHd
                                                                                                                                                                      MD5:243824D13CECE6611B71FE0660CF50C2
                                                                                                                                                                      SHA1:7B246EE2B56DE5D059231B5683A7BFBF3B9C7E11
                                                                                                                                                                      SHA-256:4E24BBA7FA00533E207944B1F849D1492B6A71044155B1DD3D80DB9EB4B7399D
                                                                                                                                                                      SHA-512:11E456CC334089238FE534D87F20348393B4549E21385FCE1A6E425FFF6504125F6466D497FB08026AF237CBA379BC97EA54DD9B955E85EAEE57E83F4604F2A6
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....[.H8=../p08F.$.z.1e;.;...$..c..[.\.%E$..].,*z2b49._N.E<......7.Sh.|..d.1XgH....,=i.....s.)....0...w....i.c.."...2..2H..9..=..<U..(..M.3....a....u....z.&.|ztxdy9...+5X......n.>.T...m8%a.IR...u..X:...b.A.@.z..%...0\.R...Qy.-@}3..u......G.]'.DR<....Z.N....]........"._;....Bx.............&+"..B.]....l.).34e^.....k.[..esJ...AG.ei........$.9+...,.QW....N:...\....R.(...d.D:..d...R9.M.4.( ......H....[G...;q...|..r...a%4v}.."...*<OSK..)..C2:......'`..........KNl4\. ..b.`.5...4.b.....20b...t.r|.-.g....8Q2u..dV.C...#(..OOjZ.....l...I....xV.kA..$].S.......z.4..Z.....}.^gby......^.d.P+....W.$<.3.q..].<m...J!"..%.eX%...A..5h.p..`.`...5...V.E.?4dL.P..W...>.?....|.....LL..s..k..`B.@R.T.6..Qy...f...........U.......a<+Y...i...-.Vf<...8CM../.._cU:fC..-XC.....tCXe..[ A......2b.=W.Q....4..F..b...u/..6.B.:H.m..T,B......K%..%.4.....I.A_.[.n*~]..u.L........D...k.CH..!3\Ul.3........2.-..._....4._R..7..4k.......@.... ........@/..l.D.N..z4n)O..0C.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1351646
                                                                                                                                                                      Entropy (8bit):4.3771248025029275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:VxkyhD5gE401AuPfUwzRgKBEfeLKhB8EX0ndW:VxkyhDqw1AWUwtdBnyjB
                                                                                                                                                                      MD5:D2202D7D208244F4A92496B5A06273B0
                                                                                                                                                                      SHA1:9D4AF812AD3BBEDD9D2ADFC64511ADE353CA5E69
                                                                                                                                                                      SHA-256:7AF47B6EC752D2BD5374E268371ECF352563146E8BCB45EB454A4C934F81B966
                                                                                                                                                                      SHA-512:C9737DD09DA6496BF3E6A847B2875B826823502C76F186FD4C31497C8D9D5EEFA6A1FD7A760B139748FA36D132FCB9D353B18142C84EB98BFF800CA6402C182E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:A.5..[....l.....l-..U.u....5V..j.*e.~..Y.5#.....d..........#.;.X....6^.....qS..4.R..p.X....J..[P./..|....M.....l....d.M.F...4M.O.s...a...1&.a.../._q....>(..nFv....G.Q......:.3t.zx..@.4..." sw...y}..;..Z..f;.,...ir:.s.)|#n.z..*jM. T#.....G.....m..L..:........p..gn.iQ.F.1.$.G...G.EB......Z..a]...3........&.\[....-.E.fjC<...r...:...$.*.Y.._A........|..o.#.K...{..Dw...c.u...(...+?..Y..Ja..:.MjNy..JF.g4.T/=.pO.K.*A..}..........uc.z....`..$.......$c....2.......mh.......q..q.c..T........V.Yx.yy.V(I,.+1G..4..l........[dK....B!......c..k.pV7..q.[...=0.1.(.Ne..$..hf..:N .|.5..s......`.../.I...d.........H.'.lQ.....>.*.f....<.Hke.'./.M....)...\Y..]VG!o.Q.]D....qTZ......6...3..x....F....xkG4...."\. C..A.yR.P..te.bf...NJ..8..fT...b_.aI-.;....O^>U....}4...+h6..lnwK.W..[@I^.....A......U.."..+....k..@..)..Jm@.I..Z.$0..3...(.....b.)..'.........B..R.4...AB..c....jp..........R...p^.9..d.... .=.s..bFm.Qe.O.9.P..C).E:........=.:..<..q.....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4345
                                                                                                                                                                      Entropy (8bit):7.956750638403427
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:6+ghUFrPHwaNZD0hR5PF20BeTObtHiDb89cMNhYiUg5HXfbJubtre:6+v1fNmblYbg5HXf1T
                                                                                                                                                                      MD5:AB5D4246ED2ADC6870C2133A61946805
                                                                                                                                                                      SHA1:D0A556640FA36362EE675F5BB5088FDB602655DD
                                                                                                                                                                      SHA-256:692637E9683C7297745BB74A3083A38BD3CA36D98250C1A60BCBBF35C6EEAF9E
                                                                                                                                                                      SHA-512:AD4C94E1C3ED4619ADC212B46EA410D4198208847A6457397969C29D701E07E3C6D08C2539E6D81DC178D6B2165DDCFE7207EED6F9257C4B889B6F140ECA1A3C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:bp....N.;+...1.4....u...o..wg0..L8RB..Q..K...;v...9T........x...h..A..bd.q..o)...fQO.I.R!....:..~..$'.$..T.l.2."}.C...-5...X.I..i..g.. .'E...2.o.NA....E..U.m.Ac.....#r..Zl..\gf..U...Uu9....j.F..q.i.?BF..f.B....:..B..waP,.!.d2`....w..d%....1R........+"...v.Z.u.J...NX........6.S.dM."...}oS..,8(..]f...#Jn..s:...@.....6..l...p)...{.{X....n.x.=X..o...v.*...(.....On..u.}vB.w.W..L.Mi..A.Q.....d.a..X.k9..o(^.....oK;.3.1Y..e......kv..,.[.d...q.@....u.._P.....b......u..]...'\kjA../U....)?....J..t. -....5.6.1x_...j>...$...AG.M.C.R..nKH.b..M[..<..th!.z........&..jN5..V.!3m...>(B..r.[.......(.8..RK..bw..........(.m.h......*rY...p..Zw.N..2..."..&1../.r).a~...3..-.f..V.\xT.%.p3.{.L...55..I..9....VB*.F..0X.9.....h.J.>...UH.$a...o..a....v_.,..A[._Bl.....jUv..... .............pn#....zT..?.j./..cV.....T."...K.m-..|...c.;q%."g..n...&T.....E#.(..gFmU.%;.i.l.I2.l6.A....4&\R..Z..%...0.2.q/[?}[...Ag. ab..K...iT.Q0..[....7.SsT9....=..o".j.......
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65813
                                                                                                                                                                      Entropy (8bit):7.9973071481725295
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:fUhJvqZeKwp2obu4sDzi4Rm7IwmNCBsyBLHuQVU8P5EW77:fEJvq1lobSaE3kBsCT5v77
                                                                                                                                                                      MD5:D301267B4531CAE5416F9353F0F8DCA8
                                                                                                                                                                      SHA1:40F1BE48259E550B07358D6C29E9059C49B8EF36
                                                                                                                                                                      SHA-256:4FCDF48128020F64DCE56B78708792CA460B26796E9EAC7F657FB4923EF29D52
                                                                                                                                                                      SHA-512:0FB99322AEC80CA8044D19DA4B03B04FD9DF1DCD39BFDAB60649704788374A26585F2D5F321535BB743A768C888684C7CF6F335779EFA10321CB23A33126BB16
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:P.o....(..(..H.\n..H....`lpQ......9coz.m.J....P.I.N#.y.'.e...B.d........!.z.\..yBw%........8.,...*.....@.)BfT..T...\G..3.o...{)n.D..w.....S8....j.c.J...!..Nx.ov.o.8..i.......PY..............kV<.{..U..:U.d6...w.Y;,t# Ka..C....&.....~.*"..F......g9..{A3....B....>.mr^.......l..b...2...$...cI..&.r...._....)v.G..^....v&....EN..-'..8...o..{..#.{.gv..A...../....p=-.".c...2.P...6.....}.uv..#.(z.........$.7.U;..@..[$l.........O..M.....dwZX ....W.....1.oE..or...F..D.~GB...6.P...M.....;..,.....`.{.*..8O?I..#`...T...U....}_.3.1<...S..gI0*.$ y.h0.|.}$..X!.?..{T&..H{.d@E=....^.H.e...pt...p..U....R..a......8.L.:-....s....LsV.E#..c^2c.kC.:)Mn.Yb......E..e\..c.JP!..Ts>...bO2..#..{....#..i.R..y5..\..>.X.+....:...S..L..op*...i.W+.wt.m..i.!a.9'...Np..k.....'...a.0K.8.1#...r..q.6S.Y.0%...e.L|1.1.e".S.y'Y.M.....~}.F..p..G....1H..4.sO.6..>*.g....Mo.........X;..t/..I.t..3...vN.......n...=...D.<.8'toi.HV..BL.`.P..n....3..;#)...I.,\.........KU....0[}
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.974477015256535
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:7RJuS6C4kke+SzjTs4W9wx2GbXR0lPxvacOPRzuoSfzQEA:7RcApkl4x23xS9pzyhA
                                                                                                                                                                      MD5:062A7E3817C52A224A951A150BDE0BD1
                                                                                                                                                                      SHA1:10EA030537AC55F2620752ABB5FBCF27700AD1CF
                                                                                                                                                                      SHA-256:D3F4F7C96280B429736193763C1328675E82462A1C8564230C24958A17DAB938
                                                                                                                                                                      SHA-512:07D5C954950C9058705593BB14C54FDE682C939DECE1D7C1B2067BC6E07A7B2C24B01A741F8AB3B0E1DAD951CCB897875F41B654163603A646B68CEFB4D91FF1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:D.0.J..@..@-..x..X..-...(.^9....0Ye....j.N.v.G......>.Tvf.B..|.@.~.k|..?o.-....yE.."(.G......X.M`.<.5d..Q......]w............H........`.82..F-.../.".Z..+.VZy.cs.1..<.dR.S..w...J...4.1b....s.}@..U..FO~...).........5..).T..... .O.}<.X3..... g......l..X......@,`..8..\.BY].g.../..{m.r..uS.P...m..;.C.`.<.....z.e.(.17..%... .S....TH.T..;..;.....euh..X.N.C.{FM.6....q..L-R..n...'...!.Wy....&..i....H"..j.Dzf2....jj\./R=.e.S...2]....R.m..a=....B.....Al%.<.A:vG ...."..+...&...J._..5Ug].....S.....3.&l'(...R..|_~73....`.)..!.e..1.E..A.....Q5.D.gw.P..x..........,>(..a.......82....e.2......k.,..gk*.LCb$p..'.a.J0.A.d...}....E....~._.....P...n.E....rm............P..A'...k.(....[;.......=...kZ......Kd.g.)..x..:.L.t....@.......zO*`..[.:.^.............nn.7....p..`........4.G*<[<......F......-.2E...w..N.... ....e.v\.G.m..fTo.w4.K........^{...Bp.2xx.ME..e...O..}.[k....L.....2.+H.\.(..nV.j.R..h.f.fj.h..f[...j.Z..0...BF...N..s.j..s..].?_.l..[.k Bn.o..n..z..*
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.978619853806591
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:Obxd9koZHLM7AAGxrqYcjHGIFlPznBgmqDAOqUbUD1LH:Obxd9xZrM7dGxrjcqIF99TtOqsk1LH
                                                                                                                                                                      MD5:7EFDE82DC65CCFDAEB6ED7C5AB6D74B5
                                                                                                                                                                      SHA1:4A63EC86BDB8C88AA1F7BB1C2770E8001FDA79BF
                                                                                                                                                                      SHA-256:E0877AF97F4404AD76EAD6800E76547B4AF13FFC3BC9F1D220D0C88CABABF8B2
                                                                                                                                                                      SHA-512:D6F6848B4315CFDA8E218610033F1A3A507926A0D9C8BF05720AA1B14494C2C13E5FB08031ACB948A073FBC234FE0CCF1FF31960A29472948CA79BEE6B8EE56E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:D]O.c9.h...{.RU...../{...N.3.w..~.6.Gtf./....0..=.^T..]K....Q...[.;gC..p...H..a$`.3.....g.f...w;.Z.&k.m....\F5 .W0Rk.5ps...+..I*d.'.Lk...S.. ....c.,E<X-Z.Z...0.Bj9.8...;(.f,l..{........^.J.pD.3.2....@O.........$Kc/.}..\.^.5.ME.gO....P)SD.2a.3.>.qb...F..W..E\q:.{w....b...5.GS.#.A.^;.hp8I@.~..7.2Q..+j.+...~.w...Zl..s.+z.....%.T.2xPY.O......w.XV.g...\}.(hx.o...a.>Zh.?$.n...x8i...V.v.|..a\.........A.b...E......B.F..*'..Lg.Y..(7..l...!%.-.}m...1.+..;...R`-%xB"...|.pk..^....i.fW-..a....1....R...T....S....^n.O{..[.j..g.\OT.7..."....lz...6..A..}\..{...y...z".P..1*58.v0.Z.x.9.@..Z1w.x...xU."&n.,o.......;...|.x.{ux$........R.u.............Gd-"SO...}.....y.n<..............f.i.'.O..9.e..0;.(. .uTA/.i.de.XA.........W)...Y...'..@Qv/.uZ......8i.7N..5^{..(.4.'...8...q.xr.d....da&..26_.P..bh..+w.R.bD.q...?. d.\.....4..3........?..i.^5A...<A...n..i.^Y....k.FOu..U,.........&.$Ac....#mhy.E..$........uB.~r.Q_.!.EK^..N\J.7"M.m.Sy.k..=..5K..........R..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1573111
                                                                                                                                                                      Entropy (8bit):3.599743752206783
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:W6JTSly8tVXvRe7N14hMMoZaZ6aG52ZJzHql3iGReXNzqpLU0tD0i:Xb8XvyHObowZ6V52Ztq1JpJtD0i
                                                                                                                                                                      MD5:C7B355CB300A3DA8C1535DC4A4A6CE8F
                                                                                                                                                                      SHA1:CC917CB9756466FD8859DEF72E150A0BA6FBBC04
                                                                                                                                                                      SHA-256:594819840379D722DA269AF9FDC1586BEFC257235E7AA7D2DB13E8E6F698568A
                                                                                                                                                                      SHA-512:986534B0CAA554F7146D83F143606D5A9FFCECCDFA85386B8E464ED2BD4F71276FE777BD5600CBC32AC29DC99ECFF16E1C925F90345863F8B212F87612FE8BFA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..v''.q..7..vyF.u.,.;,f.0.-....~.V....Z.k.0.B.......A.-im8..@.I..U=C..q...e.....@..F..!.%.>..K..V....[.\?...}.H.(.?......?..d..b...\l;...o.....>.7..-.\.......jD.b.....Z.E.......5.g._....`..AA.q.[E.V..('.R.C.L.....w.fD.....j..*;Og.5....>.C15.$s...;./.9....~h4.c....9._..'..b.........v..x<..{...ET.Lvz..u>;i?......=..k-..B............<....Et.nU..I*..`'....f."246.Y.].........=Z.b....4.%..2.=(.}..S........0..Qap.r...F..&u.. .X.......).w[....[...u...PqR...!.l..9.G.`I9...$...L.w..f.5;.........U..T[O.j..s.^@..;...oq..W. ..#..%..<8.?..+.hc.=............?.t.k.....D.mjxG.Z8X7%.3m.>...9......:W(.]......].g..&.cf.e..7U@..WC.d....Cl.........):..Oo.....+MT.aY.....Q..........&.\]........~.upib.....N..Y...v..M(........P..As.v7<.D.......E...3.g.h.W.h.b...ta..2"..'C.M..l.....l...._...@-3b.[.RS.!UF.T..5.....cHs....(Y_e..:.Bxo.?*R2..4............6r...O...7.l..................Wy1V..m[`Q..bnL..H. M.....n.yE.:.2..$].GU.....O.....H.G_!A..eo.....B..z..au..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16632
                                                                                                                                                                      Entropy (8bit):7.988976364300246
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:5Bck98xU0LvhLTfNq+htrmMQC4QfCVu8xEgCHwu:vT9Q5Lb4W9r46GKgCQu
                                                                                                                                                                      MD5:DDEE5908D61AB0BB64FE46C51F88C9E3
                                                                                                                                                                      SHA1:CD392ADAD820FFE9C1214D95669D03E57C1CE050
                                                                                                                                                                      SHA-256:0624E51283608ED0089EF54C44D60CFDBF09FC83B2F7E6ECD119AD4CAF71495F
                                                                                                                                                                      SHA-512:087144D390198176E146461D3C6EA4AA1ED7694696EB0CBF926C451AA74D33024092ED7C0C6A7E62D7E78377305A146E62132B928BB739F50C60A5B81E59C20A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.p..Q..GW....Y.gz.x.kG.t.........W.Z...kD.A.u..;.P.Q...........0.68....K..V.T.5J...7.....>&(H.l.?"....hQ\!G..)\T.k.W-.....H..36.........g.W.....H....yL..w...g...n.a$=x.C.zq..7.?.....>'5.......]{....`..r.....2:.7...${.R...$..&c...g.....1..er..l.......E/........X,g....].../7.^...9L.8V&di..,D.g....R..........J.....R$o1.6\.........P.'w!ezux...c.J8T..P.H@..X.H}f..zre.....x......e?...;....!....F.@0.6........m....5.Q........k~4.bB.K.9.R..q1P.]..$.....mi.7......#.3`;.@.S......R...D..TF...........0....'f.A...\.{_....R..&=.`.M.'1Ff.... ..S&/.v*B........=.:..Fa..T.....N...V.s..v..l.^...e........B.W.F..G..5.....}I..w+.3r.._...u.3.e....Q.U....R...)..I....3X...w.><h.!.4..!..#y.L._n6.H..p.3.VtkF.E..3...f....`.#....=z.-5`a....%Yzs...&......(<Jq...t..T.+R..?....Y.-...........^..{)5,.G6g.<..$lJg....c.u.i...yA..P$.i-o,.....wG.-.tLL.O]..U,YG#.v.S...Q.N..@O......V..v....W...{..#...zxN..}.k..gq.1...&.<..Z...=......K._^.....r2..i..$.......z..-m..%..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:OpenPGP Public Key
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2097392
                                                                                                                                                                      Entropy (8bit):2.8785747893300244
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:bOXStyquOFVbkCv30zMYgAJJ8xWbH0dJEpdCf:gSEqfx304ZGJ3bH0dSpU
                                                                                                                                                                      MD5:9370B171B6A74F4AC8F01AAAFB3A5E8B
                                                                                                                                                                      SHA1:0AA8A933BBFADE2CD9F5076892EE02612463CA37
                                                                                                                                                                      SHA-256:97D5037F5ABFE32286119B9C5B5E0C126F8E35587F7BDC4C9F577A19F777C226
                                                                                                                                                                      SHA-512:61AC89A8D5C6D268F82A3E02502C4A2DFED748E9EEDCA9D1BA583FE308BC003DF8246A77033B86FF045F390DCBA9225597A6C2BD82CE0347B868DBB18366E3BD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.\".^(.....N....8.{.V.`N........V..t.|j..C.d\s..w............#...4..3..3.I/.K.j`.o.v.!N..-......c..........!C..}.I;...sn._m.oj.'..E*...N.. .3s.8..;.%...SMV}_.....8........}{..A..O.....!.V..@q._.`...5..@..@y).k......K....U|..g...7...J-...?..C..2w......}j.........J.1_}C........1_..D..5...l.l.....Kg..0s......_.V.....$h^..Q....u.....-:/(.x.....RoAG..._.(..@sA.0*....<rs.J.B..@%..MK..n.."K..9r..uv..4.&v.k.(.~u....}.....A..L}.<...;."..LL......=.....d....L..H.u}A.nk.,.$..O..Q...i0RGz.L........#.=...Z.0..0}.O0...D...X...9j......l...}.l.~..M...#...~.Z.".g...'...P.@u.RN.eGx#.....2'..-1..@. P.....#..I......<l\.OG..XS.&.#*.x+...X..f_xoD.`.......x.xC:..#)..d-.....CP.%.B7S..$.Y9#...x.<5aF..$........:.2.....k.H6-..k.\.....|M.l,(...:.^.{......O.....g|17TBL{GJ.,{.c....@.|.S.>.-o........-..%..e..P.......61.&6...Nn/|.%.ij.....hK...x...../.%.:.{.W?..4bru..".~K...u...X..Hl7E. .....l......x-........>.-!'..c6..E..Ee....F.........Qy.... ...$..z..;.f.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:OpenPGP Public Key
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16627
                                                                                                                                                                      Entropy (8bit):7.989821969543736
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:CrgtNvsdtkxYCJ1muHPuFmZy8kH9+KmN4M:CsdsdgYCJ1pvwd+tN4M
                                                                                                                                                                      MD5:700DA3344A5823D0DC2BFCB8097A73ED
                                                                                                                                                                      SHA1:AC3524FA81C35B92687BE45B22AC42AE6F085FAE
                                                                                                                                                                      SHA-256:AC80A4698B503285F0A90502ED2C5893D8CC5A4C2622AE0426028967F6AA5DE9
                                                                                                                                                                      SHA-512:D6EA720AFDE8FF2E989FDA67730493139E7B15C76370A773D3DEF4E3803300839E0FD26FEC773673E1BC6A983721ABEE2798F19AC273867C75F55612DAF948CC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...e..^....h~...v6:TR..j...W....r.M.a...;....7s..v.8~...Z.8N}..Z}P...-#.."...$.\gg............z.sK...P<.3..t.8.Y8pW..H.x...S$...C..........$+..R'.;..~....u..7.Y.-:uI....|.......%+.e"8....?..HJ....@...X....{....7..P..[bd....ucxU...~.A...5..H.'.U.......(...H.........n..!.4....V...Q.Y.E{d,..R_.....c..ek..A..~......E..Qu.....F..8..).].u|z.X%....~3B`....".......quD..Y.e...'*C.y{...v..t+.cQ#.,;..u....Mh.x.U.g.y..G..W...c.8R....T<...f{..T...o..W..M..-6s ...4MP.r.....2... .L.....L....@..F....f...A.K-.3...4.?..c..0..O4A{R.nb...*6.^...."a$B}.hnKC~......e.?.....k]^...c.UM........;PB.m....z.l.B..,..Z...8.....&.B...p.R.K..w/......f.MT.U.r..K(.y....#..p _...K..'.e.,.g.....b.O.x..1.......(.S.1<.....B:.......s...b..8.....2p.UUe..vWm./!j..Fn...%y..hng@0.b.....5.t<...;K.O..ekS'.?..RO...S.~...GLz.s.4t>...2B>.{..EC?p....4.0...$+..|......<(d..........-.<.........>.$....?.....>.....@..2.B.D..4Z{.p...(.i[..l!QLAD...U$.>3H..>.c.i+..7.|....L...A..C_Kz....niw...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8425
                                                                                                                                                                      Entropy (8bit):7.976251643051874
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:OcCk5VnENgV3jl3JZrNPCPzk3lV5oOjSqXpNjHkgq:OcX7WaT/hNak3lV5vjSqPHkgq
                                                                                                                                                                      MD5:ACBDF438C081F5FEA0AF4438AECBA981
                                                                                                                                                                      SHA1:3C53CD18B3A521A62F708E191EAB4C74DC5B623F
                                                                                                                                                                      SHA-256:C5FABA0C203F0B6C589C117652F2E495E2F07101BFD17C5BE1B49C10108E60AE
                                                                                                                                                                      SHA-512:1FA9213C58A7ABECE8950978F32E4F05B1EBFA7F00158ED792DCFAA90602348E3BA9FCEECB6F241D02ACD5762FCC86DF1D5E45859CE789AC33CAD0C8642C6306
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....*.j...gG%..K@P..t.9w$......1.|.......YYw.Z......{d.(.L..\h..../....^...Iq(.X._.......5.... H.O..M.N.:Z.....H...$k.........q..Yl..xxS[.Tv.7.K.U....\....).;X.hA.*....e.....l.....PV..D..[...2....v B........_+..M.o)+.6..H.C.F...g:..":..t...Lf........a.I.#2...q.."..:iV.u..y.ep.X......*9...x.CK!i..Q Z.*.........m.Gl....'J..i.N.....X.?$)...=.B...o.ND.c[..x<'.3........3..d..I...x...6.=.oy....(..oha+5...#`.rr...d.P..c..F.X...M..Z4.xv,n;....*..Y.?.....mq..[.:..o<...N..8/..k.a.....o_..Y.....n...in......I.-.I2..{.%.[....t...x_.P.p...L..PF\|......w....<^.k.{...m...s..jq4...._.>q..I...3._L..{....D9...Q..8.....4.._1g~.imv.M..J.....aR....5.A......E..6...m:I_0#..*.]S.>.D..h..,.^.".r.~v]..9..5-u.y...;.hy...p.x...T.....N......@..P+....yF...)... ......(.....n5...d'...*.:...P,p.VIU.s..}.e..u..d..a.....+........o.F...L..Q/.BW.i@......8.....9c.I.Z..LucP.Q.U..3......WOY.c .)E?.h}1X.@.2...\9.V.Q....}kdd.......`..P.8..< .p...i.p...Q].%(.U...?X<M..m.v0"h.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):524521
                                                                                                                                                                      Entropy (8bit):7.999680925683251
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:12288:+2ydFCQzYH/QOhA1mps0DVR8nKEeMCQzUiY8/6tRuA2yxeSQbqW:+XQQzYHV2gbc4Q5YC6tRutyIZ
                                                                                                                                                                      MD5:E7D945D9D1E4084C086ADBC220E37C72
                                                                                                                                                                      SHA1:F7990D534E34AC48CCAD7D4A1F5ED5B313EEF4AB
                                                                                                                                                                      SHA-256:8D2CEAFEA760848683B0913109F639945C15B4FDBCF906D70A15419CBE337143
                                                                                                                                                                      SHA-512:898A5B8DB174DE62FAF83D5C5A1C270115BBCEE26805B21A7452E96963F93CF278512C00B85FE3DC4CC0B62E7C1D53A7B4AB4D1CC301A2EB50F403B7ECB647D1
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:... ...(...Au....S.lf..4N..{k.(.....^R..f..`%..d./.{8,<..P.O.... .T.t.+.@.C.G...XM..4._.....BH..wt.P.....c1.kQ@..SY..;.i.S.T.(.&...m..V...#.jI...(.54.L...^...J.|.#..a.:....E8&N...N.K.1...M...Q..e.N.E..>o3.)..lo.W3.{..*..Og.....l.+..ru/2.P9?H..v..6g.c........h../X.......@0.<....b5...]...76.Ej.o&.T.|p.....|...9..I._..K"..[..!..:.QT`A.NT.,.L..........{.n[O...-Z.Hh...X. ;.x...S.^..W...N.Nu.......aK..S]..e..y_..]...:..l.g..0.:.@.7...U...!j........0.q....s.p.n....*..1..2...r/..}=B. BT..R.Vlx?.u..=.}c..).U!<....=.p..3..T.#rD...1.k....5....X...09.yU.....U.9#.ISu....T.h......q...OS....z.......\..B..X.!=....!..E_*..LH.K]..B......q...~].}f'...u....E...-.`r...(.7Ev.CU.....n..$.~....vs:...*.......%.M....%..)..b.9.6.B.A.C..+..Y...g.,.s.=B...$.P..>K1.w.$.b.p6......`..@..:..T....5.7p.a....g.phO...mZ:..Uk..t_.o...].E.R#i=..>`(.=...Q.[.xv.h.?sd.E....N.dlt.B."....(.i.1\l..`*V.(._G.$$d.;..?.....o..e.uX....-.j..v......$...s.+A)p.QV..K...1...{H|r....&.C...=
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:DOS executable (COM)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):524526
                                                                                                                                                                      Entropy (8bit):7.999656879634913
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:12288:VF95UzEH/wFgtYkaCamyC0ZIAOR02Y+v4DrWZDDeAI+hJUCY+m:DVLtoCamypZIAEPv4De3IRL
                                                                                                                                                                      MD5:E07045928AEEE26C8A8E863DA3524416
                                                                                                                                                                      SHA1:66D576D68CD22E392EAB4B097D3197574FBC7FBF
                                                                                                                                                                      SHA-256:2BD3BA7A47411AD56FAAB4A58810B326EACAB5B9F1A39BE9557A2B79D5B9F73B
                                                                                                                                                                      SHA-512:11B8E31EB328984246635E6C509FC99DD55BF999D9DB25E719C98DD2D5CE0A2C65D8B6E931E6FA3A6E03920FE94533238CB66604F5F6FBBCEBDB85C57FC4C5B4
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:..%...b...,.rPpxEDs.9..(z~.>........\...|P.A.<.W..G.#.=.0....H....R....&#..H.j......e.........e....%....H4{.(e#...|5......9.W?#.,....<`..!..2............N.e...9A.<"..K6_.m1....f....B.........9.e....vo.z:.|u......4.k.-.8.P2.Do..I..c. .X...Z.&tL...Y.....v..]0.%...F.@,8...&\.W.o`...'....-f.2..A../T........xz5.0.!...VWJdU_....P.+...a.f...._....E....h:o@.e...j.2..+,w..^./Q....1....* w. .*F..}.c|..o.4.b.|...f...#*.2.O..WU..>.OMpy..b..j.I.g..Z....C.sBD.d.........sm6k..y`T..qsV....&]t.Q.h5.. ..h..q.$..s..N..? ...B1......Y.&...:..@.....oK...CJ...=..^.h...~.../.....yl1...m&.....RL (.GUI.............%J#..r....k7;..|.7..~;I.BLX.....J.Q_..D.I.j.../.I.\.x.......;..+..V\..>.Y.....)..mY.f|....q.k..sY."U.3IO.~A?9T......3..k..S......np..>.y.z.4.....D......-.yt....E..v...(e.IA.=.Jmcw.Z..........m...3x1ZY}..\...Td..8..].@r..P....<..ce.....y./<5...f..q.).a...U..7.JnIt. ...}-7.`u.2....<..3.P...>....7|7....[(......Um.....A.X..s..P.@L..G."^..A...C..E.@".......RW\H
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):524529
                                                                                                                                                                      Entropy (8bit):7.9996497012134595
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:12288:yLZUFFEa5mtv1we3XTzCU8NXLWUhBkLuPtweNYLEV44S:yLZEEO+v1wAzCU8R9WL8wgYLwxS
                                                                                                                                                                      MD5:45CD8788120F99BB4D6CECD61115A94B
                                                                                                                                                                      SHA1:4FBDFED6E7FA70256B1CB2FA953A43C665D73B65
                                                                                                                                                                      SHA-256:8DBAF5D8D59F577E8B7BDD2F435D2292C45CFA138FBA94A7E3BD56DD530FD886
                                                                                                                                                                      SHA-512:8D7A2497D11446C8CE64BB92C3343A039AEAAB4BDDD84E1240605D3A4802E1D3AAA7B4E43C07234059DA425D5B2A3E371ADEAB9630630BB64CFCA923DCCA5FEA
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:%.?.f.2......s....S...d.i.u$..#=...).]....^..3.k:.t..b...}..+.m..>jU.V.H!.2..^.Da.0....{|B..MQ..(.0...?.y......#z.n`.?..[...o..z.q...=.....N._........\R0,.X.........[% y.S........FS._..........$).u...5.R....\yy.._~/}..Q.0.J.).S....}.Y..@......GW7.y.~..T..T.Y..3..........O..)...OR.#...d...+6k...^...o|.F6St..KY.....%s..!....C..^.34^l..g.}"...L..9....:,.."p.~..".d|....J.H.F2.~.z.L...J..i.....t=).0..9.J..J..H.+......v....qD..C....)3.1.PI..X....p.s.&.T....=..NU.Q.o.V.I7F/.tmn.k...-.....j,v..vHqK[.LL.....qT..E#......q}#vle0...j.e.........B.......G.R.5.........|.......G.D.P.]...P..?.;?=y.9..\.q...]....h...9.'.fy.$R..x3..%.}...._....io....EuSYC.fTT0.....p.1......1.f....@`...+..:....X....E..".&.Y..,.Wi]@....C.#.....O;....5.k.,.u.4~{*.#..}7....;...;...n:n.>...1.`3t...>.....4.....u.......].T.}..X.%..jw.@....'...}t[.!(...u.G..#A$V...:....q..x......9..H$..|.a. .a.xJv.1..W.z.....Bz..T...$.X..7{.C..u.3^"7.m..(.I.X.I.*b.2...f0.}.........;...E..x.<._j.l
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):524529
                                                                                                                                                                      Entropy (8bit):7.999691846929643
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:12288:a1LZV08x1XcCkDJlnDIzbe+9+ZDPbFw5QpZC2TgVTiMkJ:a19Vf30DJlDIzL+5q5Q4OMs
                                                                                                                                                                      MD5:DDD97B32B40962D594D348FBAB199D0B
                                                                                                                                                                      SHA1:AA78B490D7D4CF5FBA1DD455C5A0B2F6DB093737
                                                                                                                                                                      SHA-256:BCBA7ECFA15BE6E410C9A314D6BCA7CFA57852A3ACDA03CEA8DE4347058C2D3C
                                                                                                                                                                      SHA-512:FAAB03338F36FF29D89656F8FF97D1E1A1ABCEF929562A9F5680E6E58A47F1A46D058089C47044DE2791184D863F52B91C6363F25E5B841E189AF9C491DC941E
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:k4...o....A..ermR.w.z.k..r...7....w...:[...}JA..4%.||..'..b.rrDT..tH*....D!3~=.f......Nr..=.[o4....(.......=..q.F1..uw.?pq>....&........PJ....O..a^T.....M.Ej..D....7....._.....'>..K%.9y<.9....H...0.......\.MO.R.C].;..".gLa.b.8x.z.....3.F.0V..<.?........Y...l[I....G......)..q..N...v..|.%...c....?................|ck@.....4Oy..]/.K..#t<..b..k..!..B.."'N... .U.=....."..Y../x'.1.....O...`.A. S~..)..i.0.I..|c`5.f.}....zg.J...........N.m.X?..].4....Z.k{.z.D.^..:..9=.A.q...H...!...5q.HO...../.....>...j..B&.K....W&..........ko.d..9.......7U.?.....U...WW.1.....Q.........s..l[)....Q...J.%..Y].u2..zO..k....?^X].q..w....r.]....k.Yo.{,......w.....G:..eM..g.. y.(w%...-E.-.R7.r.q..N...~.,f-5.:...........w-VRk.+..[..Q.!.`*....v&.[.$....h....g.{.Cp...<...0<..+B..M.#....%g.-Z.x>...I.u4.o..Q.I$Oj..$%.\.....u.....W9Daf...R..S....F0.Q..\.F...$.....y...Wtu.P.G..ng....T..+,[......t:..@$P%....!.]n...C..2Zh.-.I.QH...Ku.O..4^.4[9...D...D..N..\......q..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):524527
                                                                                                                                                                      Entropy (8bit):7.999692272388502
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:12288:+sVctwWaFy7ND8BRSYC5WSpzKSu0xDr7fZJn:dVgwW97h8BC5HRAOj3n
                                                                                                                                                                      MD5:AC0DC3D0897BF2785E3CF5638427E21F
                                                                                                                                                                      SHA1:5380E8C181F11E1E1C554C57EE53F2923F2EDDF1
                                                                                                                                                                      SHA-256:11E156F88C3153852F7D60A2D980D3DCFC3BD83032D40A5C835FABD59B84336E
                                                                                                                                                                      SHA-512:69E9468191AF9D55B413766E8988C6068EF112B5D4BEA5D712F0034B0FE8423D5F4235CE3609E549AD2B44DEB6EFC277F01FDB71187ACFD5FB9B8DEAF4E197A4
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:..KBG.t.A.C.h=}...S..(!.....)sW.'2.=.keU..h..7..\C.......s.P..S..M.>.O.)gF+_.....z=.3]N..k..).bp.1..W.D.%9(....]e.M.Z..h..a.,O.\.p|.*.x...-.....!Q.p..0.k..SJ..9.V%'....|...R.....D......cZ.@DWR.Ta_w......3...S.M..mW........=..@'.......iz....0).f.z.>qx0(k[.t..t.n. a.w...(.Y...}C!8M.%.il0...w7......#..n4^.`2../.8........ '8..].}`F.w9....I..aw....\.....44a.A.....a3..X.k.a.....B.l.MS....p.p...J&..nj@3Tb.a..Z.n...%0}M6..6.....&|.,<m.z......Kz...3...]...W..l..lu.Xr....0Oo........5.l~.H.k...!5..OP{.....eo....Z.....?R;...#j.>%..P.0_.Z.e.5."|.Y[w.DL.....n...E.Y.1.&....ikW..Nv6.`p.._<.TQ.....-L.I........F...&ueG\.M`....P|b],>....y.<..}agk...)_....6.:P..]..t.~^.....1.....k5..<%.....'.`G.$P.F+./..Vy.)...;...o?4....V..r.q...H..z.. ].$...!@...L.E.}.|.........a..v.q....Q..9..k.!B..?32.WZ...^U.......)Rv..%PY/2.<.MW=%.=..^x..'.PL.T6.F@...Jk9..x.k..u..,..!J(.r/...Z.K."..e...u.^......,>..=5qA...t....^....T......En..F.\..Bh.i.p....?Q....\.va......q9...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37245
                                                                                                                                                                      Entropy (8bit):7.994827094697632
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:FkBgG+L7x2HQIUkYQYN4XRuvcnngQAkMgOXo98gNQZUkTrU1FTDUPKL8svXBAu:k+L7xoKV4XRbneDXMNQhXYTDAA8svxAu
                                                                                                                                                                      MD5:65E445A5AC3C9D512EB88C681124D81A
                                                                                                                                                                      SHA1:EA3E2CC63C4B7FDF9A57BF638B4AC98B34C6193F
                                                                                                                                                                      SHA-256:D06DC4141A81206788946F55071ED3FCC43F2E2CB4157F45E4776748C47AFB57
                                                                                                                                                                      SHA-512:AC22D9307042A18C49A1C31000E4416F0119ED209101D4C16EDA50019B219A2ECD7B6D98BEDC024FA14C285574D046BA502986EB9A0F7B8D7AA9A4A84585024C
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:....X!..O...~.i#.G/s .O...vA..,$..wo..=..ND.J>33....\G(~!.0r..=.(....c].._..."..Z....V.C.W]..0Lje......{b..{......<2LB...1.e.).F.....Q.x5..Pc........Q..;Y...e]..N...cS...8+.{.,b.[.......)9........o..o....3...,...\.......?,KPZ{h...~.....F...].y...I.'.9...N.D.....]..^v7.T..... .6D.........*..RMyR.....g.~4}.o\e@..........|.Y.bx6.0.q@.......v.)M.g..+A..N...X..V.E..a.a(E |.{R.j.Z..%q.)xe?......1D('{Ze.6...c..cA.oMdw)...+.......7....W.n@.[.fe/F....d..Q**........pG3i...V..|..a...;.8..m....g.bc&..L..~......].UX+.:;..V.....{......i8..O|d..J.....V....q...(..5..N...p.R....@.f.}.....`..9W;..}...E..i's.g FY '..k&^.5.....Y....1.<..i.A.p..~.\..84..KU.R..e...7..w...2}.S4..:6k.\...7.-..#H01....'..)..].v.z~.:%._..g...........[3;L.w....|Mm....U.....H.;........v.Y.R.9......+....._k.2..n...]&....._..>E...E;.\Z..}.6A....&N.q,...d.8j.>..y...Gkv..F.f....%A...O;..dB...%...+..w...n........2.....gz7.....5o;.....atjZj0.S.zQ.ns@[..M.'.V..E.i$..).-!(......P...y.....N..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37286
                                                                                                                                                                      Entropy (8bit):7.994001352176442
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:1aJEKHDJD/jaABQCQD8YGIQlwFvMWzLjbPQLn40s2f:1KlG68hGPwFvRLH0nS2f
                                                                                                                                                                      MD5:0A7329668762158DF56F4C7958CA93E9
                                                                                                                                                                      SHA1:19B600546DCF72243E358D761B76489D5B97759C
                                                                                                                                                                      SHA-256:956B2078612351C11CB5006ABD6507F39458E2D2A87C469906B7FEAD47BB9FA1
                                                                                                                                                                      SHA-512:0ED9933669DC375B17372F4B7C5021F0CFD3433778C814A93B8811843F809E593A7AC8ED0DBDCDF8E87BF43DC55E29FFA1813A815D2CCDE6CECD7840ECA3D9A6
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:......=..!...$g.). ..y.]...D./..W..tN...f..'...c...../..a..VU9...d53=.....>...P....}...L...2U......y..W.*/aSr.......8F.T>.i....=....^K..$.;k.#:.l..>.q.s....?.........r.kI;S...Q?........cx....Z.......r..}.`HZ.e....|.....deF.......xvl&......Ol.e?'<../....R.......#..U..b...#.X..|h...2..x0Z@.6;JL...........hX.w.cp..F..pf.oF.......tr....J...Hrr9.3+..4?....G.K.7......Z....fw}.ZO.?.v..v...hs.;.P..c.....Gp,.yM..LFRd...................y~....r.=ob[...pW^E>U........;.P..........D....."..)?.L?.!......:.h.o...$#.6..A....y...v...Y...b...o'}.`[.0....#k....a.....>..;uCl..\.d.O..U..$..._'.X'8.....SA..>up$.s.\<vShV.-U..T..f...].:..~.A...I*.3n.S.t.n.....x_t.d3.K..w..|.^A8...w..m.?].|!..*2^.t...}....m9......>p%i..|.-..O%....ylG/aD.s._U..\.@F..o..?e.......R.;..QG.cq..[t...E3..u.D..."....^..G$...w.....F..x=v.......Sh.....4...:T........M..j..H..'":....0.E.W.../....%F}.5..}M.H...{.1..N.S...po.......\...c)V..+.c....\N...`...d...$d.xJ6N...?.......F.sv6..........\....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:COM executable for DOS
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37273
                                                                                                                                                                      Entropy (8bit):7.995072278246215
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:vQv8KsJrSkX9AGX3X+kQ8FvBEmTAvjuz+PczgIFJrYEM9atj98Nc3LK:YvoFdnjQ8B+wAvjuAc0IkEM9YjG63LK
                                                                                                                                                                      MD5:7923E2106149662B5123A4457D7D66F4
                                                                                                                                                                      SHA1:696ED6B3F063BF62405097D1DAF3E8C04C443478
                                                                                                                                                                      SHA-256:4A491F91C7F6FDCED671DB0047A977EB2D1028D60A90C9B27B120CDCC05F9562
                                                                                                                                                                      SHA-512:48B913E93575E55329F25F3A3F18A4B6BB35A96376D130073D7BE1905A55F2622DDBCA3FF7DAA0253DB4A5027294A944DABC51FA515079EE3759E28B0B21522D
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.u..-1..#..w.....>M..#....^..p@\..lH,7.......?......>.9.4.-f....4 ...A.b.lY.ax.f.4.C..`l.#Nn.........R..'....J....Dez......(..]/.....&...r.7.........|.+....mj...kAD.V..&s.=....0.....8.$.B..h..Gc....gc8%S0.1.....=..~x...Wh...n.@#.ZR.S.\gx.}....u.O.......Z08...&..4'.$....U.M.=......9.C.p.. .O...k{..CPi....`....SP.....;..-b.G.E...({.).j.p)....4............../.V...x.....v].A.].H..C...'......RY.6..ku.AM$.0.......o..>)R...O.U00..}s...B.....7o..p#....."V_.......l7..}.9.[...[.G\..}..W..../K...........<...4.$.v..U.&S..<7.}.k...G3e.@H..U...T.n...<.2s.'Y 0t.....J.....UH..;T........j..b.O....?.GP}oj48..5...wV....."-.F.*....M.Y#.../.N.,.z.]j....E'.....s..\-...b.Z..+s..v|KN.-S....CW...T.s0y....^....#..&."./....ou@HkP/_.D....z...k8....#r*x.`....Q.b.;.wt..2`..n<....-........3.M.....w..p.n..QS..-s5.l.o.?@..-.?-3.?"rp...yM%...J.Q........5K.4.Co8.T..Y.oN....1....b..}.e0........q.....]@.....J.A8ER.6.........h.\0.s..6+.T...S.... ...q...@.f..Z.c..n.......3
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37277
                                                                                                                                                                      Entropy (8bit):7.995781165140848
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:4Ee84NtqCJKNVFMZAGZucsQtRywVItMPXJuHgf9ijWfcyCD97w:4ELxCQATRYMPPcR8
                                                                                                                                                                      MD5:3E714C69DAA4D3E399ADACAED694C2BD
                                                                                                                                                                      SHA1:06B9EDF8D828EDB869BDCFF695E50E65C92C0610
                                                                                                                                                                      SHA-256:E1CC6996998702AEB69B9DFCED9D5168F0A2D22BAC84C98083995CEF59E6B9DF
                                                                                                                                                                      SHA-512:F6AB4BD3FFD56F6C1E29BBBF6E400EC7E19AB992891AEE03D08BC582816B6C938DCBA4ED212FDB3B5A453EE96A30D5DFE9670A15B416198D8559353E30365809
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:N..;......./.....V.DtU9..u.]m.{b.U.%....C..._.q..G&..r.}n.I.ZH...i........#b.V...h..A...}.s....c..>..... ER.%.........0.i.5..`.mt.......././.9...hg1y%.u.e..H.F....'....x..^.0..0.G.^.Z......./\..r..w.G.<H.u_.:.d(..6../D..6..Y.P<f..'#..7_../.rX...0...S...,.}......b..`...q.D!.I1~.....c..%.A....'d3...3.(.w.dX>.a.D..9(.&.v..M!.n.......l..Y......."..c=.o.|........S.-..q...}...}.......7.-....u.u&?......'.5..m...'.n.....f^.Vf.6..i?.5.)bF............k...oQ.5.....p.:xk....2.;.GF....{)Z..H...9.^y..U^0...Vu..cG;..=5.].].F:...D.........\........|.z.6xOz......3j[7....W..... .Q1......g.E..VN3k..].{m'.Z._..7..l.?...T.QM..r?........u9...v}..R.?.........F.......-O.q..b...Y.L....~n...".g.......4.v8m.K..Ub.:L."......%..E..d.AQ..c.....p}.{....s..._..n.*N...d?...B..;e..H......C....z..%.;...Q..u. [h.c:]O,.\...h...[..Va..h....|g#.]a..{.%.j%|.(/....)J.....j........j..f./..>....$.[......=.3...Iw.i./........y...S..).Q.g.b..<........?ZP....G.o.....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37274
                                                                                                                                                                      Entropy (8bit):7.995156476349966
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:mv91hWUJrCg+0dv9odX2ASxE1JkpWv+GPFlZg67N:M5vF2dX2ASxE1JAWDFlz7N
                                                                                                                                                                      MD5:B911EC63B794AE3821E93569A39AA94E
                                                                                                                                                                      SHA1:AF51B5BD005D2D7E80809B8B14347E43177DB938
                                                                                                                                                                      SHA-256:10C4A770CF5275FEA64D4117E01878FDB58EA389AF9C6E7B95D8F0BC013818BF
                                                                                                                                                                      SHA-512:1F70C3BFECD43C5770EAB6ABC92FCEF415B851BB83EA60A596E77E7B4A012BA620B5F5B84769A54A260272E20DEA7DE6B61D886FF2BBA0D02A90C943F355E6F7
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:$M.......@.&.h.. t.t....d..~.a.... G.kxYMV._......k.d{..DX...D>.f.N....}3...\.Ci..:...._.U....[..;.^3.l.8...Q......#..A.b.h7{...x...&...DZ.....D....?.........'4.C..e3.d.....1d...[......v...1....=..Lu$.L.{.']...L.. .......T&?............!....p.h.@d...`.~..k}E.k.g......R!y8.{...o.#b....N...FX9.3).P@...l....%.5.P.....C...K]r........f..B'..F.@....a.....0%.AO...!.N.8C.Q..d..H...8.z..1.Gh\avL.......u..X....j\5.b.m.E%J...t=...l.;..?.Y....B...6.[...p*C..v]n.'..}>JNA....i.....F..Br.Y...O5.O.....=..)&..m).._~.u..~...y...N$6k..."|...Ql.......YXG.t;.9W...5.....r.Q..LFP.`.L.....h........:mX.M=N.)....:.W.<.....R......Mj.L.(#..]..[.7.:.....l...C....#..N2.B.L.(..U_a.Z....BU.{.YS..&....T|.7o.G.N...)y|.g...{>R..]d.tT./..a...R}............3..f.i..M..'kp+M..k.MM_[?.9.....W........c]/...A.....S..q. .y.Pr...i....c:.!...J.......?.A...W(...bc.~.S.W...y~w.w....SRW...\[{.|..w9......\T30....\.....}.o3G...'B..J....pd.".."0F.......$......E1..w.........dTL... {...u\
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37281
                                                                                                                                                                      Entropy (8bit):7.995172410031252
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:Tu66tzLENTY0E00xW6l4awbTh8bl1VpHl5w2GwTI4iLeWpkXMWgz:Tu669LEY0+xW6l475ELF5wZwpiLiXo
                                                                                                                                                                      MD5:E4F731E9A55900CA38CFC2AC306E035A
                                                                                                                                                                      SHA1:7839B7549456B3E8BFA0760764D9964EE8D5C239
                                                                                                                                                                      SHA-256:1F3EB37EA79EF9981B4DFED4D76F27794C89DEAF357716F9662E8E7744F0BC09
                                                                                                                                                                      SHA-512:17E7A838FD87872D52FC61B4BC8EDDA2C1A1B0396659D00135B8B831E68657100978BEDA0EA9454E9D6AECAB84E7A11140EBBBDD791727656BB0BECAEE5CFDA1
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:9...n'..............c.Wp.C..SC...m.*..Tzh....u..Bi...W...ZO....NQ..7.....`.j........|iQ\7.M0..........s...G.A.........:.s6...Q..5E.......|.4..T..&..u&.5./W.-..c.5.|..".......H.b..0.)t..H.6.\.t......q.....U.(@.|.*l.)Y...d_O5i..e.!.G....+4.n:....^ApS....g..VfK....t.C.}.2\..|.....,.q3......./.............2Q.?.{4..1........m..>WKy.......e.O:w..O.!.L...ha.C...)ft^.E..../6.\....v.<#.u\*>....M.E.I.?..h..*..b{..M'.]........r8.Z.t..3c@HG....Iv...-.n../t..<(.6.....h.............=|.@B..7.Yw....r."!...?...2.t..S......\...,.....+h.Z.d......O....9.B""...a.....A...>...[.. ...T.q\......D.Bj.]xl.kN.kn.....ptc....P.:...2..=A%A.s...`..`............9{{.N.Y..I...(....>.!#C.B..0..j...~.....<.>..<.@.Y.......=......!.g.m...R.a.I.... U.y.z.".C...tK...+a..S.."..x..Z...&.?..4m.`..r...k~~......D.U...5..q~...a.6~.6@{.8@.,sNK/W.W...^.Q....2&|.4.k........p....5.......(J.&>..k..F.....?..b.y..v.>.#...j...........?.F....i.I#.`.&y.r...D..H..g......Hh........^'0>...F.e..p.y..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):31407
                                                                                                                                                                      Entropy (8bit):7.993639562448753
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:IyqpaHRcvNwIOMZ89Ve2EGIOBz0RG/hQ0YJrfkPWBP:IlpaxcvN0cYsuIez0RG/O0Y7Hh
                                                                                                                                                                      MD5:E42A51D642055B2C493DC0A0FD79DA47
                                                                                                                                                                      SHA1:8E67E3CB5CE16C5AE1F392BB45B31A27E05594B6
                                                                                                                                                                      SHA-256:F06E5523FB9A19FF21B1820A7F68EBD5E8AA592C96ECEACA71503A05829834F5
                                                                                                                                                                      SHA-512:2C5DB4F20D69F105E0513D483F585582D1666010CD862BC64BA12F44C98B71C361535001BF5234C76C0A9A1C76C7018A29679E55AC3963F6F295CE207EE90047
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.tu..H3LH.6.PVa...H..!=.../ra.+..:.stp..ub0..U...../.9S..h.S.Q.... ...;..^.C..e.....S........Z...~...C+......./m.{#.U..iU..h.8=...l..I...TA..z........PM.`.M....K...9....{.M..=2.N...F"D..3^.......T.R..{IS...f.vCoj.^w.w.JD...g...~r...bS........e.A..X........O.hy...t}.g..T...y.S./.;...>.Vr....@q@/aB7....K...h..........W.j....p.M<5.n.....q..*.......Z:..G3.X;Q..A.N.).......p>..C..L..lD.+....3V..............1..`..Vo_z(......f..=.4G..7#....)..m.k.#...c..L.e....8|.zm.k<d.....*.X..........%..FR....[!F.nE...}gLh.>B.&.V.>V.JZ"..]..3J..D...O..A .x.9._=xs.@.o..r...(.8`.l>..n.l&To6 .S..G.W.OoW...XKK..5.....i.g..r.!..S..h2..M.."]....+..s.1.}.>>...`....2%..|...^{.f.L...-.ZT.V.>P&{.,^...$......s...sb...F.....S.c>_...-CaM.m.B<......P.W....K8|)@.i....VV.S..2...2..C..hnz.t.6..}fwb.>]s=.n.w>..].......e...;..a(o=Z%Y...>.hbP0..K(s.Ev.kv...q...(.}..PX._L.Ln%W...9...&ia7.W........T..n..%.....P8..W07x...c.....0.m!.F...#..-..m.K.|c..R.....>.j"\.....X.....N..D.i.Tlv..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37281
                                                                                                                                                                      Entropy (8bit):7.9944461391803205
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:HtB29OgjWgfAER74D60Z0h76DyBfZiFOGmcbLWdkleFlUDwR8:e9OsWgfhR7oSheOKicbS3McR8
                                                                                                                                                                      MD5:2E8BBDB8E0840277667B65C12F107197
                                                                                                                                                                      SHA1:AA3F45996EF53949B200AD6458D3140F038B2BA9
                                                                                                                                                                      SHA-256:146B899BED4CDCCB86AA82B5F4BFC2F33626AD934AEE577DA4D61AFC78A4B012
                                                                                                                                                                      SHA-512:4120099E22E6E079A9FD56040B73BCF323DE43EC3B4EB8A2976994244F47435913C3E2D41A0C63B8B4DDFFA02878289CE642CF66D79EEB8E98A7899AB85ED35D
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:..V."XQ......<.-I...{...z]..,..Ly.Ib][.:....".E.....9.. b.....#x.;N.......g.j..sO_._$..S.h%]B..t.%.}.n...&...X..}.^.)......<....9.c.........#"....;l......h...s....s..6...^.......usml.F?Qf.A...\.T%....o..F.....4..JO.$;.u.Q./d..T..o`...o\.:."..oa0....m......Y......el........."s./.."...W.c...X_.....q....U.Ti.`.<.Q*.m;6.6...@....<t8...iQ......`.r...m.5....y.."^.s.Lw.xr..Z.D......+...&.%.N6.+uI.H.Es.......6Pwuc.[.....t.V...m.q.}...u.xXp}P.Y.Z.H..TW.y....Fr.q.....#v,...]S..."Ds....=.........!1.....\......_a/....{%....$Q.......O......*5~.c.9...Ik....2.D.O.r......C3W...._..._[..Rlx9...|.....6...Er.p.=...N=..N.W.Ix..9.f..~..LL8.....li.....q...oA.e.".......xU,.q`.[.nv..^.B...<.k8...H...2.X.C.1.&...5...n.AH.S*V..\.....q.9.{.Y"...>..rc...?..&.j.....$J.$9zGb..:...0(i........t.~P.]..V........P....{..f..JLB.c..t...c.q....S#/..O*t...Mhi.....X....:..`...~}e...}C..2...h........^.a!/..\........=.G...6`Cq...H...=y.S... ..%.]....2...w..O.Z.B....l|...MU.....f.c7H..u...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8180
                                                                                                                                                                      Entropy (8bit):7.976849380531645
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:SMtQO0WW1da8if9e/7nTIG+PbGOF03vpVOKFyv5jMr:5tQO073a8if9e/LUTbGOF03vpXG5wr
                                                                                                                                                                      MD5:89D21E6D08619C61062D78293BC0F8D8
                                                                                                                                                                      SHA1:59187034C1D3AC16C5D679890D5CFF696995D3CC
                                                                                                                                                                      SHA-256:442615F0B53AA01437683BA571CDCB7052A259B8D438DFDF01568725D4252AB5
                                                                                                                                                                      SHA-512:191AF0A967254E5CCC87D8B62394D59AC5EC521D131A6A229AC746594F75199B53BE872A6F4678DB47060494EC0AA425F9F57D7611D3267123349A2E2C3A2257
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.Mr.DD..EN.Z1...N8L>.M..d.O.6q.0Z..<Y.T.`znIkR.E.`...3..~exdU.2...p.N*.Bm........{...<.#..|.z.8R..Z.p...']...R..O.9......m.$=<n...P.=..0...\ .C.f.s.k.j.%U%.h..Q...P.n=..\.N7.M.T.v..kS.ol..W..*...m........]f......SL.A^`...#"c...T.|..ugG..V.[..C.J.H.\...%M..KQ...Stu......H.....!..GW..O`..L..&..P...A.3..IJM9.L...@.W]..70...>.6..s..Z....kuz.y.>fX.K...3...Af..51..s....t..!....&.M....\.J..%l4*z.&K....u.Y....k6._...?.......1..w/.57.D".[."..._.T......>..C....,C...7..c...=..G..5:~QBB.....U.v..B.$N+2....A<...X...xH.?....Q].N<Q...n.m-qiB.U...K..f.....3..R6o]....#6.<.\.._~.~T....&....='....J:_..A......R...........[...Q#..s..1.....4..k.O..wa...4.N.+..A...:..4..CbC.......{`ws...0.M...g..W...u....{.` W......w....+.. b.D..@!...y.....;.pv9..i....?.N..........Y..7])..W....G..n..xl/2../..}..c. .J<.9..&.:I{..4......5..........Iq../M9...'.1}...j..q[..,{..&.`=U..q..{...k.HM....H.5..=..~....... 0.14u...~../y#].R.08.....o.b.~.8.U..k..o....@t..60.<.7..jk...'.!..o.=..A
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37285
                                                                                                                                                                      Entropy (8bit):7.99595948156939
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:291ICKmVKuK1TJAGZEGBDxVVCfrAUBNDRAAQJLTOJHhLf8ffwPWkCmTni16DaP8v:CICQ9CALCf8U79AAO/ch4foPWtmDARPW
                                                                                                                                                                      MD5:E1A68C3AFF94F56A48DACD040D3DCB2D
                                                                                                                                                                      SHA1:E82A72F69E24CED6DA790DA4AE4CEA477A9F112E
                                                                                                                                                                      SHA-256:63E382E29EBC29961D282D576C50D5BCAD89118221085219CE035ED3CBBA1C71
                                                                                                                                                                      SHA-512:43C943574FB919027844CCFD54C70F86216AE15740E4399D4BDD3F250E4721814502778D26C388C22D7ECB29E6C2A58ECCAFDD23A754290952FE55F49AB66063
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....>.ba..>Z.H.......GP.g3'..$N.7....#.c.7z.6...p.n[A.wB{G.*..=.j.Y.! ..W.N.d..N...k.f.\#.6T.ec?...at..3..~.X....i.^..:..T3v}..H\Xh.._.]a.......+...tOW.wb..(.Nj.\p..l.>......3....6..o"@.R...O8..2LZ.C..9pU..r.8~.......qB.;pX...........jl~..i.z.x.....1:.w.......z.2...R......v...p.x.9.[.o...ZqB..o....7....P../.P.....V2.....s....A..$u.o..y.jk.> ..b..Q........`....\O,\......F...}0.ho......o...E}..j\...@..x....v}.Y.5...r.h.5..J.....eR.......F.B."..j...........Zu3..Z.y.!O.:`...F.v...GmS...pl.......%.i..<..ntUj7..*p@+X5.7........x(.Sg....4..../..5.0!..V...4.C....?.....-.wHX.7......h.....h.xD2.Uq......E....j...]...y....>M.|.N^.^....q.......i.?..v..}...}.In.......[...Z...>..G.......u..`....^.g..n....?\.dUC...`.a..Nt..^..9..i.9o.c$.....7....<..n0........".V....1.U.|,......& <..S g)..C..,.^..y..U...X.6.g..wqIv..G.V5RY.KiuR.9.g.........`[g2ik..A.z`Vc..l-T..#...X.Xp..F.'O..U.....bt...-.............%......FT.b.'..g2.9.}...`.3.$,Eg/..2... \5..5K..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8168
                                                                                                                                                                      Entropy (8bit):7.9782389939810825
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:UiAYC6jgR9bcl7GsTexpk8LV55DGrB/nJcBS6h+lJsuv:U/36n9Fex5LNiR+4ll
                                                                                                                                                                      MD5:2B777C5D07A26F1E91FE36A9CB7938B4
                                                                                                                                                                      SHA1:7C10737A59D2144F9191647E5EB9C464131D6B88
                                                                                                                                                                      SHA-256:58D2E836EA6BD57E3E2C7F220971DF54135858EBF9614D0E1E5EDE46C5CF0408
                                                                                                                                                                      SHA-512:1A5E7B600D36F2ED0F8D3C93E80753701D0CAFBAD48929A818E9717349F6AD9CA325D060AD3E0BF6C8C00CDB104CC8114EFEBBF0834173E5504EE506D66B4D7F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.R.US....X.W.;V.....m.......b...i.#...Z=Z.F....x.x.....G.M_.:.&n^xU,.....Z..J.....YRgi.H7..../.:.2.]B..&..R.0k.^.=..:..,.........T..O...P..T.D.. .:.#.?.........W..XC...{../..`....x*..h.........*.".......6........[./..13 .BV..'@aOz.Qx..P{1..]..Q.VL+y....t..n.....h5...C.0H.......'W.PE.Bm..A.L:.l..........|.+.@.|Cog.K.....*..&.S."4..6....I..x0.8f{d.4..K$......5........y.K...1.*.9.....Y.Q.1.J(AI.(.7..w.2.....i.3`tI..xh?.g.....m.gC.....8.G..q..z..m`t.....j.W....G.Io.[..].$K!VH.o......!.nm...$..e....V.b..^..h..8OP...m.. ..,..#..f.?9.c9'...813....*.t..p...rm..q.(......!..D...;.P26l...t...@..G>YOlzO.D.;..t.R?.3h.'..N.>.h..b3.......8.:.q.^..tWJ........B..*f..A.Vo..e.........%.R1......af....#h(...N.U.F>..Z/fE..c&.i..y..m....W/....}.*.DU.....v...5.........LE.8.Z"..1.)......gB.......I.(.nTe.....)...)^.IS.V2.........Vy.3X. Yi@4\...E.T....{I...F.r...#+.d.'....i....._.>H._....}.#T.1JR..0...3...@w.B..OY...}v..F.Y..a.v$k.....4.."h.I...:,86-q....-
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8183
                                                                                                                                                                      Entropy (8bit):7.97503367635259
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:f0IsrNQs6tBv/95Y1QTezVHGKHIptju3Ua0xq43Dr/f2W:8IsrNQLJ5Y1QgVmKHEjwUA4nmW
                                                                                                                                                                      MD5:E9F8EC5EC3A8F0A5B34F6370D38B0541
                                                                                                                                                                      SHA1:4A6EF9DF3094D77945DDC1AF9DECA12AA6D1EE55
                                                                                                                                                                      SHA-256:619281DA50B780CB88A44479F564B061AC7BF41141BBA6F4CF9D720466DC6EEE
                                                                                                                                                                      SHA-512:17AD18E79348793616CF5D04FF9B6CDA2DFAE5AC208AB7AE72774E80EC6D82FBE3914C07D2AC2D78F625C5A1B1A526D26A349881F2836895F404655388357F1F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.5..6{...../....Us3X.[.io.....%..3..QD.Cy......q....3R....F..h..x>.) .`:5.<.F.dquz...^[Q......q...)....j..o.....C.q...$...T...-%O.M..../....y.[x\[.,...k~.[.+K.t+..I.ve.<.^.....9...~....N&...P=)mX.pN..dT.=..=]../..e..j..;....R.....c!>.fS.;...&E.c........w.L..#.....}.H..).Bd..CC..5...F.oR..K..VI".o.y.W[.%.4#.x..M=..).4..p.=....l..fq....`........*.E.]^.....'......kU../*....,.;..;X..=.%..<V..+H.u<.......Vk2.\...L...d..OJF..i...Z.p.}...._..A...zR..t.{!d.F.v..4..@...xn.<.B`...g.>z.!S..m.o).B..=B.U....?..d}J...W..q..:....F.)J...c.).&.s.....Jq..^..T..V..o....bS#..K....E5.Q...........#?.Jo+...7`.2.....q.....>....3.%.{A...P..*...C..u..7.wc....1..`"/s.d....\........q.l{......lq.p..Y..;..Z..5.....Yr$.n$h.INJ....!r.nO../..;.k..#m.F(i.^...f..i...&-.....u.X..]X..!Eb#....k....C.#.....y.Y.......g@gT..g.......z...p..LEsu\.E-....xQ....U.oE..~\FF:H.(..=.E.r.#.. %l.....i.va... ...z..w2...K..%D.Z.Uo......G?V.)....P...G...2.K...B.......'.......)..8.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8170
                                                                                                                                                                      Entropy (8bit):7.975627269299305
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:iKRKHpnNYu6NB1oQc92kWdErXrhYPnPoqSh0uudB9:iaKJNYuW1o9BtYPtSudB9
                                                                                                                                                                      MD5:813C8D27FF6072CD1F3D8A357E31756D
                                                                                                                                                                      SHA1:B61AA2BCB912D1909ED41E9B041664351283897C
                                                                                                                                                                      SHA-256:0856BD72EEEBA86116451AD00D2A1165FB226B3108464CE7F7714F18D4638C14
                                                                                                                                                                      SHA-512:546D5F6777AEA404866F0C5C95897C782511320EAD1E148E19B7FF303A4DFCD03780818FD8D1C9EDCE33C054766E3B58C790FF353A5209693A18A002728718E5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.:C...B.}.H.I..U[..;...Iv2L.....p.....9Y."...+.O.0X.%...QV........O..&.%"..T?P.5.u.M.....Z7ggM@k.==...q...>..0.^.5.[...A<..."....../dL.|[..UB6...e..38..9.$...<...._Q..L..\.uz...>.z.Jz..$.r.W.].}db.cP.;.......Hh.h2+"......zA..EC.<2....q..k.....a2E...+..t4..&.O..$....gF..TE.......[+uP....9..wp..>.....O....h.q."..;W..X..r4.a._)........]f.....#........qI..^.0.`...|.pA.{..f....c.....&8..cE...t.@.m.Q.`.."...6GZ.f9...<.\..P2.......d.../.;.....".G{..".C.3.U8.......h..?..oW..#...<.H..<.\...D..w8/#..O...S`........?Fb.JE.......#.;%.$.<Q.=.....N&..Z..u.}o....r).J..Qa...b....?pRm.....nr.....6O..8..9QW.w......&.f.....&bc..r OBz.."::|...]..F.:.7C2d.P..7..E...C.X\E.Wps..|P.Y.U]E..(..dk..8..T. .......E...._8}LAr.[m..J%...@6..Ka.;.Y(.0n.78.].~...F....+...^BD.`}...g....'q$cQ(.Yk......p_.FbX @..}...|...*d.O.!-.P:.<Jl..%v..1....M.>KA6.C.c....?.6[.p........:FW...}8.L..^..q.H,0.+...`...........d...fM...h.T).K_.w..Cv.(.E..f.8........p.....\V.D.`..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8170
                                                                                                                                                                      Entropy (8bit):7.97653523807695
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:ZtFkVT5YD8QXF4nCXiZYc8UHR9mHLQiU2EF5jKU7jcaY:jKVT2xXd0dHRoBU7w/
                                                                                                                                                                      MD5:809A1F4F247A0B176B3381566089E744
                                                                                                                                                                      SHA1:C25E50BFE30152BCD4FE33944FAC7988F192687B
                                                                                                                                                                      SHA-256:9856EC05186DACFE6E10605E9BC7309B3DF9BE21E3B3CA74479063F10B389BFB
                                                                                                                                                                      SHA-512:EDB9DF7F95A4E6D1D855C67471E1256C3DDE18F6C7069F60F0DFC454333206B122FC04576748D42C1EABA76FBF85F36DC9E081F7DB673F811395399C8EA7D265
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:KF.Na...Zs..4..^.)I.....U..`..B3f...|z.='........8z.O.#.b...w.qL.@M.........^..(K.5.....x.-.>1,..C.H.........H._..'\K0.....?...S.v\I<|...w1 ...8DVvh.|.........+.-xm.9.H...*..k.......@Y.4....fbN.......~..q!c..h..I........j|..To._~.Y ........Fb3..".8..Pa............V.E.&..L5..|.D...H_..F...l...f-....^-=s..... .S.M.........@FK...8..C....].~.6..-G......n...L.......XZ.luT.&.X...W..x>.<.|Hy..(;D...J.....%....K........Im...uy..W...."..7*.<g.....'......N..HB.OZM.E.....j.N.^{ib....MM.l.F.....n....V)Q.s+q;v.....W{.;19z...b.&\....."..Q.E^..a..;..x.....w...?........l.fc..%......s%e..~ QZ...:.cO.3.&Q.p8.I..:..Z.8...P..\...h.d.".Pu...:.Ng.........X./....G...^q.|.1.}.Z.|.*..^p...v..D..|..+-..O....zd....W.I.?8.rH@...-.=..C..Dk.N.B6d..x......l.....@.}....Y.s..z.YR>s.5......?........Y1!.....9P.....'(...'9.I.>.Z@..e/x..!.$...1i.._.....z..h6.`...x~g...eA._.f..lM."I..4....e-.,.....j.......r...1C.R....z.J.DT.B..3k..........O..d.....I.@..h.Q..D...l&
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8170
                                                                                                                                                                      Entropy (8bit):7.9789728042285795
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:A1yvqKWAl6KuioV/XZCKVx3QLIzyvB4kV2KBtPEuNTmK:JCKWv4CMc+6kUKvEuNT/
                                                                                                                                                                      MD5:EFC848C7308C836AFB603F7B494A0C60
                                                                                                                                                                      SHA1:6F2C977EA2A2B0DFF0D15F06E6A9062E1C877ED6
                                                                                                                                                                      SHA-256:47343FB629BB0331ACA6C01105ED42074809CAB3A9D7CF1B44686EE95A652F22
                                                                                                                                                                      SHA-512:FFC9F6E5D3DB135EBB049178D47956156E5E26CFEB86BCC498659227BB414780139C2F5FFD73BC3F149A1EA5B84F0EACC86A407A517C1601B37425AC3E64980C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..2..?.....,...QF...h...,.....e3...sJ=.$'.H}7s.x/@(."..6. ...:O.....R.........,"<* .*05.`.X.....O..J.%.u)."....Z..]..y.T.".......$.K.+d...H.5.........[w..F3...H.y14#..co]}....nsyK..x.-.....t...\...K...i.........u...i..n.]....2.:.19.C(.w<:Mk6.[.?.,..."..R.2....U....e....j.$@)..O7 ..?...M..P.'.1.hA...w.....$....t{..}K.`..-.{.Ir;......-n.?..k......?...cH.UC,..E.@..o.t.....Uj..n...E.l..e.p{..._.....A.#+.vB.K..pi....d.....VI9.^e.T....0.-sU4..pbr.r_...,.? .bgdQ.....J.gk7...<.*.u..+.......#..r.....g.'T.%.J........."#..j.~.b...o........Lh.#.S..P.A.(=.z..9..R.m..i.nr..5w........b... .h...,G..>....0..U.U1aT.....LH.:....N.....7v....D.T...F..Q....^.'u60[....7+jb.r..P.i....(A..E..d."0....R."...e....k.J.i..T.&...m.(4.N>c...iXw..\.].....[.f.9...[...U.n.Dl...\..b.$...G.+.@.,i..wUm:;...d..."O\;%..3.gt......?\^.O...4..qS.._...9.ik4^e.i.i.Ls...(...#....s.K..\.7<z......%.r.%W...X.R.4:C...y...oI........^.LX.x}...........T.....n..e.(..4.b.:.y...,,.?v_..^.....U.J..9j...?
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                      Entropy (8bit):7.9790158698005476
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:ejnoxTglXGP5aw6fVC1t8rL8z5sscPE16ZZAkTwZinzoD7:+URl69Csn8z5hcc1gZTwZ2cD7
                                                                                                                                                                      MD5:56C90542877FEC751CC0C5CCD155FBBC
                                                                                                                                                                      SHA1:EF3506012B6DA8189B333582E641932384AF4613
                                                                                                                                                                      SHA-256:799B270D031CFCCBFD4B3046900B6F7C42851BBA8945E85A1A67AE76B647D9E1
                                                                                                                                                                      SHA-512:BDAB3C63E99EEEB3FDFA06E58D1F8B7552E6F305ED33217C504437A38007E4E0EC36C8EA16C596F52BB21CE2EDB139BA59F720395C38C2B783509E15D3AD6592
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..........<.N. nvV*....P..P.6...1..h8. .g.K.7.D.....Y._.%|)h8.>4..L..1NU..3.D AC....o....% .;...Z..yn. .4wo.j.L.&m....E.....9..0.......so4.@/.~..a..(.!.OAez.q..iM..P8...5D.cz..|k......(.{<............*..p.N..YQ.X(.....6.0......[...$......U....:n..JsN...D*...h...^XQ....c..,.....+.f.H*..D..q.T.....i6.m..)....S.4..|_Pd.k.`(.uN"......L..8....s.6.y}........7s.1{#.).S........j....0(1..us.m.=../..o.bM...(.s%...o......fcsi.y;c\.5....?..t..+.f.>;..........*}...t....iI^.[....@....q...`^.9g../.u....."1.?....tI.Zun..E.P.W...k,..x..D.e..^bu.....V....6.. ..E......:Q.;..5..1...a...b...F.|3..A.z0..."q......t.^.^q...3..k7..ae....%.b.tW..9L..12.z.1h..t.;.K...y.'G ......T..X.7..7.....~......w.9........d...J..y&.XvE.W!|q.....6........ch_..iT.p.Z.K.........#\........n...)&....z...1.T(.'..xVU0Qh..M.P.I.>rjydU.#.....Gj....+...Y....n.'...2....'4R'..+.~...A...E."..C?....2...vn1..|.....=..(S....%I.....$s..B...o..b$E7.......h.......^...f.\.:.1.<......yJ....|U..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37300
                                                                                                                                                                      Entropy (8bit):7.995381631667028
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:TGDPYxkIqe2pWPL/Qxu7TcKd2gzGAsNLJrweqnvKlsn+Ow26xMc/EaUrO6Q:SDPUkTQr7oKd2iILJUvnJn+OdgtsaYQ
                                                                                                                                                                      MD5:8654A8BADB2EA8707CE0417138F194E6
                                                                                                                                                                      SHA1:1A59C193A45B58E31D0ACCAD94FAC8493969FB96
                                                                                                                                                                      SHA-256:D94ACD1811EA6457F3EBE306A0A8411AF728C26F629F3AF8B1DE7DB318720730
                                                                                                                                                                      SHA-512:7A41FA4CFAB8B215EACEA95336976BA64F6EA249D720DE91F62D48D02082072E8DC38A43E96649F2241B22A88A8130023C983ECA4DC1DFA2DF4E2C5E14E92353
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.o.....3r.....|'.r....'f....>.M....Hy4xtD.=$.<.\_..aj[ ...r.F.s......r."].j..["...6.-h..l............DX1....o..n..bS-D..5Y|..,..;.p].Tc...X$....v.....P....]%^#.....Bq.P.v.n.l......5.x....|...Wb.yp...e..b.F/...l^.a.b:.W....c.R<....bxPAvY.. -H.Q(.........:...".0~?..E...q....B.0.=8yr....g.yJ<.E. ..b8.".Z.......7.-....Z.Y.ZK..nW.z..i..ba?.6m...k<@.=...z...{...-...6...P.....P....].v...1C.2b....l..(n...b8.q.+..I...h..#>.}...C.]c...#....5.....,.1.'G...s..... .. ....d...*..13..v.I.....q......../...b.s......>......P.,...wd...dv:.v....N(...8....6..bm..4.0.....n8..{OO....F...=.<..jS..i#.].o.32....._....z.M.......$..#P..p..q.c.I....n.L!m'y.9....7..g.1....=..n.?DO..FJ.S...}h.Tu..6....M..8s..Z...h...H......x4L....{.e......u..}../...n....}Q-.Lj0...N.Z.....1<.,x..D.,..`....\s.n..7jh.kK....,...C..........v.[..#.{...h..9.......?f.Z...~.;.o.'&.[...9.%F....a9.+....Og.[.L.Yo.I..f...~...FW..3.M.t....p..-.......'b.....r.92..-.(.wl..W...u...)L` .jcv.....?h.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37306
                                                                                                                                                                      Entropy (8bit):7.994930066104027
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:+deJmhJqj3BoE1F14ifhLfd6ebNq9XWXwBCBMtRffjbZjSvTNzks:QJ+91BLfd64NSX77Rf3WFV
                                                                                                                                                                      MD5:0A5672A09252FD73F72C7EFD3278D60A
                                                                                                                                                                      SHA1:F09B3242DF76225759EF727396E112DBC0026A2F
                                                                                                                                                                      SHA-256:E8ECF33EC0DD027367E107B2ACB83A4FD0EBE38D75D1A422260AB0116A19AF44
                                                                                                                                                                      SHA-512:3A5108ACA94DEAE07902C5A8A9FCC64CE744C61A3BC4EC122014193DE0E9E2E0CB5D9D61F7563969008105164E6E875DF8EB7924CA6000183C69EB04051C6691
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:+...;A=.+L..0.r8U...S... -.f.R.......l."A..k....c?k.|o..;^}...<....?...!...|._.....k..r.....6z.0..I.z...sZnI.....N.H.m;kD.... }....|Z(..Kh.s1(z.zk........j.....C....w.S....9m.-!.H.p.....J...9.I..Z.......C..|Ci.m...(k.&:..8V.....'Y.q....7....."b.T.AC.|E.2..9\....v.3p.H.P.{:.6...Vm...}../$....>.....a|f..#..N.yPU.0.@.oG.i.J_`.}..R.q.}<..A..fpBz.q4......h....-..2.....qw......h...dX..UY.J.\).....T...7..1M.Q._...Q..J7%S...AOg]...I).ZTB...2.......#Z)...`...o......t,*bU`.<..qu.g.sW....l.c....eBUt\....I...)1r.CK......w.9....[....@..._.>4..Rz...d.}....1SB.....\o.v*D..'u.w.V.8...iFky..X....x....Gz....O.U..d..X4r2].y..~$UJ.....L.$*QC7VCQ.fi.kka..ew..=.Zy".bV.2..}.D .."M.....\G...''v.L..A........../_AG.......w...m...VG.....IO...v..S+...PX./..h......".......3I..0P..>.w ....D..S.'..X.J.....F$4..}E|K...o.=8.{.DTSo.e;....9.q.......O.E.....n.......k|3..[.B/.~..2.-..D.H....'h....q.@..c.a>......Cm4.$...)=...>L.%okl$.0.~..G."T.^JO.O..D.?.h|...g..;.s....]..`<
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37307
                                                                                                                                                                      Entropy (8bit):7.9953911869430785
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:FRS7nM9Td2QW0I4IE9eJvb0I63rstPmOQb+zf441xEAQsQw:FRS7MFd2QW07et87Zdb+zLZQsQw
                                                                                                                                                                      MD5:B1DA8044720543BD1FADCEE30617B682
                                                                                                                                                                      SHA1:B4F88ACB050BDC29CBC4A5B02584EC62F1B9EEA2
                                                                                                                                                                      SHA-256:CD0B24CC8D1A1723425639727ABB31CD1028F02C7929C59A7E4A089304692CED
                                                                                                                                                                      SHA-512:F0D601C2EE97FEE8130CE1699ECF33ACC9610D36A4ACF9F8B257917E6A2CAEE80D06F30206A661BBB9F92C9B492FF8507789D2158B981629A2BDA02B3EE57DC6
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:z=.T..m...p@%.(E*.#.vj9............sOb......HS....D..g.K...$._.g.,B......HR.@]..%^t.i..Lw..jo}.....#.....1r~f..UT...=......_.....#..4/..f..?.qSo...i!.......n......n..W....M..R....q*..i..|...8.SF6...bW.aeoSr.0..L.a ....>.....7&.....>Ye..v9..B.9&...T...Hh..WYY.J.`.zX.3..?.......V]....%R.t.O.a9.S.$^4.{.....v..5..x...<L..8.(.).....ZixxY..6..<.......O.d.|..op..CKQt....O..*...........m7H\.8u.....7\...U9.:.d9.=....7..4..9]UL.o ..M.2>f..=6.G.$............p.Y..../N9T..t.....p.?.88...:P _.!Wv.5~...r..W=....T......CT.)=.p.?..`..g*.k........*.....8 l..5T.p....\....4......3..Q.ck.T-.....fb.n.q.f..........>U.m.......8:.'.1..x|z1=P|..)....Y".w[m...B.........sp..,..$v.Y.\.$.&\..H.9..=...^......q.\....A.KzB..x.}.TP.*..y.i..........E.6..@.D..@|.7G..uW.N-+.^..&U.: ..(..}).<Eo.+..H9O.Q...|.*..q#..69.^. >D.....M....x.f.B..9.<...k....U.i"UX.P#e..@.vo....M...e....K...qS.......?.B...K...jxh.."....{.$l.tSil..>T&@.x3.a...ra...g....BSg...p8.C....k.7X.........v.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37294
                                                                                                                                                                      Entropy (8bit):7.995382217772969
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:D4gW37te52r/Rsi0/SE8n586tRFZjoYLPduOEQSmA/fncUT:DrWrte52rGf/SET6tRFZjDl4BFfncUT
                                                                                                                                                                      MD5:4AE1E0E6CD5362047B98E13ACBEA7CA9
                                                                                                                                                                      SHA1:0A8100F71E6391C3B4DF61C4D9BD609A1CCCCF29
                                                                                                                                                                      SHA-256:6F0DCFEDCE35150B7CB0066B7A3F8EB631BB6E505D713CEF3F1F62266EEBF2B0
                                                                                                                                                                      SHA-512:62B800EEF5870B702BD8B92D933C08BA338383A194F6685E6882585B83B5FF3963549650B436687914958DE9761821F1B25ADB9D9A17B1A63AAAC2F4C4C28EDC
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:........N8.C.X..R..>_......?.z..........=<...........s7.r..d.K..l.G._Sr~V..zt~..a6..<6.[..'.....#+W.5.|'...%4S}.. ...9..".6..i..?.V..oad2.h..S"..m>.^.....*..j.N]..uF..qk.(G.....q..R":.....JfB...:.V7..=...bd..`...a${.p....3}29y..A.jr.j.0..............u_)M"...z..X..]..1.b...qn.^u...B..O3...&.U.m...)......yhq......}..&....L.b.La..nBg. ....<>...e,?....Y...>)....U..+..#K{.d..,.)....q$....S.3.....k..$PHv....c.u..K.S./.".2W.....p/4.....L.x?.R..o.B.....-...r..T.. AL.v..?.Xe.6.{...Q.K-.-....?|.]..L...f<7y>.X..g..Uv.9_.N.9s....PV.z%.*.G.t.D..=..>r....P.T.L.K.P.N....X..t...f.X.m.s.gn......9..^ZqqQ....../i.T..N....e....l....s.(-F...3.#...S.!H.2..y.w........#...!%uW.e....".w.8F39..8;Mq+...v.|...*Hu..u`.#l.:. ..'...6*[..~.a.]..(....6..t..X..j.s... .x.....$.Q"{..ZK..X....s..z...k..S.....<.>w..S..k..(0.Z....d_.f...k=Y........z..e[..Tj.}..o...)...........M9..k..GY....c.d....Y.....f.I.H..%.;..<.5Z..^M..E."c..........LN.}..v..:.~@SG.j*Q3U'..n.W.......<.z.?
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37293
                                                                                                                                                                      Entropy (8bit):7.9952403626836075
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:G9OASrw8ZuluGtt7VWU2HKtW8x9zY+1O0ksf:IOAHPUktkHKt/x9zYVrsf
                                                                                                                                                                      MD5:23879095C8E72CFA396B199BDD5D93D5
                                                                                                                                                                      SHA1:2E54221142EFDDF39052C8A4917F70F14EBFA3DB
                                                                                                                                                                      SHA-256:8B292C4947EB30AA28F398B23F4940B12DE11A6BF5F639B3E0BA7ADE60F17EBD
                                                                                                                                                                      SHA-512:2C422AAB1AEFF5DA84622C0724C389C967CF71AA55C62C206A9BD409B29720719F64EBBB291BD9EA5AF7570275AD453A1DCB7A061565B74E402227745D28B9A8
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:....ZS{z..}..3....&.[...-9o.6.\....\VJ.2.~N.....)..N......h.1S.g6..Bz..E.`x..BV#.Hh...\....PHcx.....EpL.e......Z..}.+.}..{..K^k$.\..z..[.....|..77.bS..!....G......j.J.|...=V..0...q..4..J".d..p...w9...0G...{.R..W....F.........^z7...z.>...Tw2).x.";........P....]\+..~H=^ja...R.ypa...^._...-..=......qC~A.[..a....t.|%...Y.<..U....-o.m....r.]p."....kc.p...ZL.*.,.nG8.`...U).........&p4........,.4.G..:.....%6....McoI....q.~U7.O0|=...FYbr...)NW....+...,..puS..G..h.k...X../.!\N......w...$...`_C..|.............j..x.~....Q.R.,W$.1.(lH"..i.......6m..o.FG.E..5.._Z..=.......R}.5&StzU^@..F..2l.....1=...$.N%..=n.<.2.3T..0..p.{...~:....+.=8;.o..lD$.{.p.x.Y....sTV..r.U..G?25..L'..D.D!+#...50..c.6E..&+........U(.P...!.(k@5>.nX....m.oT.j.....+>..q0.I.....6...m.q./.ij.......).1...2:.......UU.....y..D.....2>.W...vR...3M..\.j.o..q....-=,w.n>[.P..._...9.I.s.A..I..-<uX'.`...........c..B.tMi.L. .,...bNI.*..y.%,....'..}.] .x5....#.....T6..M...c..J....u.a....FAa..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37328
                                                                                                                                                                      Entropy (8bit):7.994950730677909
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:sJze6rU29LcMc802qa70UeGiI4tfHVwvDrN6l5nzncH6:Qze34LcD2f7QG9gf1eDrN6jznx
                                                                                                                                                                      MD5:71C250A567FEB74FDB69759C6C624F50
                                                                                                                                                                      SHA1:F6DDF95C3736926DCD151BB38D5DC9D75213E527
                                                                                                                                                                      SHA-256:851403C53C100533E9C665E59DD7006D14D583B663986BCED75A018B1FA8D852
                                                                                                                                                                      SHA-512:C57F42F3AD73D2960ECD31D7510C9F566A961EE8D12AB6E7C1F73366C888EE491B0981ED6FF0BA21FE937B6090319C2B36F038F4749ECBB556CD194A57ABF30B
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.>....h.vQf...Y.k,..mk9./.h#b.E......&.1....(...6.N......0#...i.S..I.*...g.U....(:,..e.5.!..&..}...d..c.H]......UC.TtU'..y..J,i.&|WRd...w.].w5....?`..q..".O.f.....b..Ta.6\......6..T.....1..H..Z..W.......b.V....I....."....X......S..Yx.0.w.V..*..C...........8...jl.y!....ff.....d..i.'&.5g).$R.k..{jW......J..A.....3..{:k..unY...EguZ.;.?.I...\{........`.h.?.....xJR....>.#.].....3Y.5.r.Jg/......+%.....C.M.<...'...M.JD...U.Z.9.....G..&.N.A......~.8#c.a.&4..Fa.s.U....z#._.Y.2...N._...pc.....;.....y....B..X:..p?...@....u.x.E..G....b..T.......E.]........]C.K..Jl.<...,.d........[.....|8$..O..#.o.]f..NB{.^.s...m.a.Q..G..\./......$...c...lL#5....zP...N.....z...Na..Ot...w)J......YU..~].a.7./..Gl...["....$..J..|...x3.j.....`>...]bi7Av~.t#..R.c.^..L~-gn...5..Av..Oa..c..v+..F....x`..P>#...5Or.X.M.l.!Q.n.?3.........7.".W..(....s...u.........F..g..N.v.U..h.g.....JE...-.......'.........>.....>....|9:-.1C.#.u.q<..",...'..%,.p......ei....._.{..b..|=VM.O..y
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37327
                                                                                                                                                                      Entropy (8bit):7.995493714035312
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:Hx9ggnT+FYzlMR+4kuyxm9NTbomCc0jRX9xXz1WWX+uSvenTXBZSN:PjTllM04UINhCX9X9jWWXzSmnTXBwN
                                                                                                                                                                      MD5:27B17CBBC9E6DC4CF49C9137346377F0
                                                                                                                                                                      SHA1:57A70BDFD4F22102FC0A59D100E5DB7F46CE57FC
                                                                                                                                                                      SHA-256:EBBE71B9DD4EA8A46EA02AE35D04F515DA435A9B5799BE1114488BD43DA4FDC7
                                                                                                                                                                      SHA-512:2791A1D93B32B8174F0E9DA00554D357295879896B80E60403F75D482F5D77724E8A71F68B3C2AA39BEEB957A4B165C006028E6D0A3440F19D1BD47FCADCE20A
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.F..f.8.2.-1...h...."G....S.1s-...^afRx.A.^M.....c.T......&Bs...]..4..H.....9..Y.J*|..T.*.(C..76.$....F....`6H.F .Tq\..U..XG.<..E/..l[...X..{.wu..aK.e...mi....S.".W. <c#?.x....n.....x.Z.P9/T9.^V.'....>\.~..V%_..<H]..A......C.#.....U..;...~...,\\D.^..s.s.R.eW...t+...p./.He7...2......z.(...U....'.....s..8...0...0..5...L.Q&..m...w./,..v.p.......x..j^P;........$...'..7.J.!..0.I....k..)%....-a.cD....}'.C.....z[RJ..=..p../z....DXB]..f.I.#....-.'..7.%2..[.%....XW...y. )LcP......A.../...,Yx~z../..5GP......sv.,..._{...A..[..x..|..w.&..B.qdu{..6k.-...ej..d..6...P..iG...[...J....o.Z.F...H....h.......</.6P.|T.......d..k...H.Em..e.;.v......$.@...Bt../?L..~ .&..e.....PK......j.n.zy...d2....[..8.........s..8.3?..K...sq...l.o...2a..Y.....q.[.].S..z....u...!..`=..nb.R.zK.Nx..?:.....`N...s..Y..,......E....a.L..`.x.._4`....xrz....8.@.!.c=~..g....QK..g(.WDH..g.....b......,.s...z.8..Uh].....FhG....V.p<.0..U?.N\.....4...P.jM..@.u...S.....aw....N......
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37300
                                                                                                                                                                      Entropy (8bit):7.994837611228261
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:bdKqeywO2E+oSXEnzE5d1A7qiIa5CmrGdHaQG8R2Lojp6:bdPIjE+oSXYzEv1zjabrGdHyHEjA
                                                                                                                                                                      MD5:D2AA594E65EC5A9C10AB37E4B9944EE0
                                                                                                                                                                      SHA1:1468D507B6144229D17B99A1851FD8079B3FCECF
                                                                                                                                                                      SHA-256:4DC01D4FED227B4B898A142396F89C200B83B07624134444E16E59A848E81BF4
                                                                                                                                                                      SHA-512:3B13C5901FFC2749E4420BB39B304529F0B0257E8AC5DD7D3C511F2F23856AC42E42D8E8BDCFBBBD7A356C2E160CC933482F503204A53A91CD9CE0987953196E
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:...0_x...2....~:$....'!......Di...~:...7..7.>..L>...O..r.-..,.&p.........8..d)?.X....L..9X.'<.........GAJ.....4...YP...~g.59.1.._@..O.;.'#N..{....+.H....P..FE.B...g.......A.Aw..;....a...9lO....}H.......;.>...S%..z...1...L.........~t8J...x.Y..j....<..-..?i...8..M.x.....,K.t.n..M..e..e.4.+..e..s0.0.0/..U...2.S..2......C..8.`u_u...6.f.co~v.o..]..b.......Q,EZ..,.@i.y..YN.....3.C..G..1\.iX....X...lXF.)R{ii..w".I\v....A..uk#!...jSE.%..'R.....h.Nf.".jP...~. 2c.l.'........K.K..=.RI.#..s.K....\k.w...... ......=o..Q.+..XWe.a.-..7.0..d..........T..5...]..x.R.O_.........=...U{+..A.|Sb..1..].Z>V...'E..GmnOD..ft}..a.n.dU9..........H...Zc1eu..}v+oE..)."..KM-.i.{3..y..>...H.F.....f4gir..~:7.4.5d...l..1....G......8..L&..`...^H...6.w?...5{.cs.....E)..J..4{Qh.@-.5... ..@.....7P....%.!.x.d.`...KI.......n.?,..d.L.D2..cG'..s.%..0.o....x......5I.&<44..Wp.&....R.........X.`.o.FK.X....].........\...!...<L....A..N9:1.R..I.5B|.....~.. 0...Q...=..L+.T+7.2.l&.<.t..l.I.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37303
                                                                                                                                                                      Entropy (8bit):7.99499716624258
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:GzG2vwNfMB3WFnK144Lmj7GaBanRynL7Ugri+bBkj62y:jVw1OQgn76y
                                                                                                                                                                      MD5:40E623C5DA15DCEC05A8CE5DE393D99E
                                                                                                                                                                      SHA1:2AA18052FCD8C5E4AD8CA5B43E0D2AC0FFB8B784
                                                                                                                                                                      SHA-256:0E8DD3D032EF37AC7C67AC86132D88E81438E18BCC188CA7526E717FA1B2C45E
                                                                                                                                                                      SHA-512:3337F8B1EA5A11FC7CC51202D7AE51BD4CE1A98B8D080D33430BC6CC130D3546BE19330849EE4D9BA2B180238585A0A8F6E6F3B67F30845343BB4487F8B6CC92
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.[.^..1.n6.}.7Co..-.oI*.U....{H....m^(Z3..BT...+D..u.K.?.7...=.'F...R.{}.F.'....Xh. .}M._.#....0}.....#/.[>3O..8.;...0...!...K+tr.D..K.r...`...2....w o...x...K...<....r...jcJ..QXbIP..Q<.a.....lU....07w?>=..rs8*{Z.%..z.]..~W?z.s...".`....+M.M.p}...*!+.=Zn".q..;*$.YL..Y.Pld..L,.....x.Nr...e........9.".{..!..Y.) G.........R#. .....#oB...f...9V...W.y........r.~..Z.>p.!vY..Gk._.+{!...@.....:m....._y.O..t......je..*.8...H[.5.a..@Y....h..4.. I....&..F>)...n.$i.nQ.."..|`.....b9..G..&....u.....]Y^.6..>7%).<s].....A[@....:.C....@...LND.....^..'u.,...8.;...]..yM.?..>.}b.?..l*$.."...5.=.....}!P....q..&....,.6;..63-.[39......B.p.7..s.>.r...2.J3........[....LYj/..-.E._..y..PL..E`i.4$.2...._..8*.=^y{D.W0........@[.....r..*3,V..%...#..d.i(3X...(..n=./.....c.;(|....../S.-8(.n....t~g.]xCO.m.D}..e....c...2.y...\I...C..,..,.Q;......A.o.&V.K]..~-U..7....[.9yW.H..+.hP.V..f...2 ....D".n`.vD..rZkb./.1....)E.......n...ELXa......`.)...n~Gu!.F.` N...S.7.....~...=Z..*
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37294
                                                                                                                                                                      Entropy (8bit):7.99489408073057
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:H3f1UyyRvFxE7mxjAYO69t4iXTCP+aTOujxbm+ZH:Xf1AFqeUYx9LC1y0bmw
                                                                                                                                                                      MD5:3483F8EFBA90CC258422BADC47D219C4
                                                                                                                                                                      SHA1:1DC40CF09ED0A029E0FFA5730F2F26536E396C89
                                                                                                                                                                      SHA-256:90BB3EB39687E10901F7920612569B61E3D2B8A67A574F6DAA262C2E274C0C63
                                                                                                                                                                      SHA-512:D0F524A4D7BF7CDE2DE4A667781E0EE7F155012C751DC294EB1A4156D6DA6133F3FE0ADBA084E91244DF9C74342BED5DCDE8BCDEFF500EE05CAF689D67044564
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.../....+....<!....D.....i...Y......E.f.O.}..3...Y{.~Q.....l-.2.rU.;..I..9C+....5.2..,`...1jyJ.r.}.&...2l/V............).....w.n.pn..NZ.<.&...x....o..X..z~.....D..x...`../w...{.J.3......}.^l|..WaJ...6;.%.<.B.U&.>4C*...<..>..hH..t.Z.'.{...<\...E.,[..N..W2.....>.......U.F.yr.%..."H.@X.{B[.k...JV,%...".{..kj......T...J.u...^.R.....b....}......>.H.Rb.......z...s..;.....x..tn...j..q$...|<..\.N&...Ml.Ro.f.-{....e...6V../k.t...Wu2...;.Q..<..."....u.".qY=..,.H.I.*T........z..b.b.....V.*`..K.a.g.<r.....A..........5..AZHlOJ...<+......U'.....Y.^Z.p.FWp..^qk...S...e".....^..g..-{.N........6..'V..........Q&.....W..d.]..mX.c=sQr].....=.5.Wsn.p."x...0.Sl...6m...[.dKT;....cW.|....~.....s.-h...3u.l>..j(.nXX.uJ.L...1.....x.@7..jVz.f.Ys^g.L.9W!..e..,...`U.E..~r....U...r. y.g.P.A.&..~........_..,.....xD..V{.O.A.|'.J.*...E..{......m.>..t..N...27.f.P...fa.N...Oy.,.."....Wox.gi2.1..K..U....<.(ltu..)>.p@9..,......=.....@........S0..?
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37299
                                                                                                                                                                      Entropy (8bit):7.994769132463214
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:dTzliEUFu+J4tHwngBtcth+e6IDiw1xKBlfKta+NT6mx6G/Zxi1C9:d3li74tHwgBathx6F0xGKg+X4GHiE9
                                                                                                                                                                      MD5:F726E3040025B2DB74445206A54CC6CD
                                                                                                                                                                      SHA1:76E87A96F42099507429889B30D76A5723297646
                                                                                                                                                                      SHA-256:3A7E5FED8804E8491430E8B2D475DD0D16A98CF20E34D785E77D2537C22AE640
                                                                                                                                                                      SHA-512:D89B99454C0FD48A13C0F5FAD5D385A3D815327374C6D4E3E322A4FBC76246A5BD8AE297A51FAD7D502BEF3A101F3BBA0D86872EC3D7FAC8E6FFC83837E291F3
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:j=....f.6...L...|t"r....Y@yN2...=.....C(m..GQE.0.y.+.@...=......O.=.^ W..u.x.i/<r.Q&.Dm.........%..2@.8.Wv...}......NT...2..cY.TGW..f....b....4..h...un`..C.)H......_....5F`.......p....`d..^...x...5)..}F.......L.PE}tP.9.Y%.R..<...$.e..T.br...=..-.8q..xd.C..'.5y....1....2.._$eg...G.......Z9....v.B.....q....b...Z...33...;.W...J.;w.....aB.".L#W.....).[..YJ/...?..RO.d.@u;h.....R...l..W..y3q.j*.........r....G.....U...r^.,.)>.e[....H...............]....2.w..LV.#Jv.tB...u.*..t]..$......8r...+..u.....@E..=...s.....X^..sV.........R...fZT1.c..$T.&X.....F=.G.._ ..*.jh...[..3R.9c.;.;...<9.4..f...64.%K..RI.....a.N.eI>g:u..qEu.L.V.J.g.Ac.S.........k%..e"....{8Y....'........Q.l.....@o(.pl/....GA.(+j...V...q..F.'FB...B...".k:1M.*...3V.:S$...W..)g2.D&6..C*...!......Q..a...v...fC....e1A.....'g....().j.tV.:...U.%...c)..`?V.4D..b...~.0..k..m.X...I ...t.Js...4.<.Y..ux..>...w.....Z...z..X....;..t~..b...d.yCe......}Z.b...~...<...&..H].S..6..?T...\u?.l.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37300
                                                                                                                                                                      Entropy (8bit):7.995607416515438
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:tET76xp8btljimY5kN7wSI/jBcmnNt7aP3spkA6wTVik1J6:tS6MtljiH5kWhjmEL7aEIMIaM
                                                                                                                                                                      MD5:CF36DA4478B3BFAFFE604B45AE4FC76C
                                                                                                                                                                      SHA1:088180BC7460914941F658741DBD54500D040DCB
                                                                                                                                                                      SHA-256:7BD3B53EA3244AFBB66135855B68C4E2C9326CA3E3E08412D3A29537A129F682
                                                                                                                                                                      SHA-512:2244AE64EB115C74682E37D43A151621F95D4FC29529E7D6226E5FA4DB5782C4B3D9C671F644619EA8695443EA7EB4698F665C9CD03B429707277579D2CF0A06
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:....>.../a..7$..uo.F6S.e..v..Y....x..V.{..bbR..I..=...-.....Q.s..Y...R...y.......uHy..!..1~.G.<..7:.N..g..Z.l..I.....O...+...s.G...n$&...|/........]....H....;%..N.>O%NX.mVp..',..~{...$.oL.B+..t..|...y.s........{R.$ fo.Y_.....w.B.a2.n.g..I..%C.....n#...+.n..D..?.....6.....Q..~.-.0"c.W..5}}.'..vf....Xh.r..a'.nEZ...y.zjJ...o.,.*6..$PB=5.5W.%a....0..c.].W..!...k.+x..........(o..p.nUMn.~A..<.E..{.C...x.3|!.V....F|e..y.,...._.".A....\.w.B....l......abF.V.......,>..&.....qw..v...W...b....1...b.Gu%.h8..n...x.."@.......B*O&7-a....N....P.A...V...n.'.fC.A.*T.U.C7&<IW.n.c...,..j....O...+.e.C..!GAw...)...~.M-&..'J.q.8.1+..u.|....$$'lOl>.jX..vl...U.....T...._......&,L.E.Z..+. nm.........*....P..~...[.f...V[]K...[.(.._.l...p..l.k._.....-^.`05 .6h...O+....!.$..^r.....jA.o..eE/a.^DN...F....}.....y..."m.A..]...28F....U.q.&G....!-.....rd..zY...@4...wR.......h.Z....D.E....n...j..K.N...4....+....c...r.....YP..3S ... .............sv.c....o..DI>.l.F..,uY9...if.9..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37301
                                                                                                                                                                      Entropy (8bit):7.9944437550949425
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:yrw+UZpCGLvxjylLhVljWij4MhUvNT/F7J1S4ozzz:E/yCGLJjylL7lz2T9F1S4ez
                                                                                                                                                                      MD5:6FCFD4F6C9FB282AE4D5B24E11EA2F31
                                                                                                                                                                      SHA1:4657479EA7FBBF4B09D5E68E7CA2253142F2B8E4
                                                                                                                                                                      SHA-256:217EB57EC0ABBCC819881FB5AFC9EDE247AC23056B6339D7DA7FB09698B4CE7E
                                                                                                                                                                      SHA-512:D785105D4428145AA462D1BCF9C621D373CBC5CD361B862AB476288224221F347BD00A82F497F02B0FC48990E936A5DD8DA1FC13C0695B9530A99BF46D3FC4D3
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.W.R....5...t....N%...ix....o.$..b.ma.N.UJJ.&r....2...s.{...5...D.}...Q.u....\>.SA.q....o..B...........&z.ZWS...RE.i`...3.!.....\.....i.d...;...,...).....!.....r_.C....~t..RcY.zF_......s/.0S_.:...>.g:.~..p..K...~..O........N.../].`..d....}....^...1...........H.....&IQ0.sj9...D.....d..B9..i.,...X5.....'5..k.|..k.fB.X'._..Xu.ldn.|}....yu.w^......;.K.E.....TK.g.cO#~. ..4u.1&...|S.Z..i..:s.......Gy...I./...g..m+Ar......V;ae.2.&...3..sY.j.N...?4.6.......').:_y....YV....N.[..?a3._.0m._..P..hT..Ty2.L..............]....).K..-.@.....q...lk..0.....']p..z..[B.!T-U..../..j[..X.FS\..6iH............J..7.:..d5..=.7).].f..P.j....../....x...+.D..U.<..9YJ..m.....S..E+].....k..W..U9...*.|m2.n.s.I.P..fj....9.Q.M.D....rK:.z6.h...!)O.y8.5..)s...;....G.-.7...0D.....N.T`...3.2.^...N[.9....N/..b[....i...%.z{....)u...r...O.....E....@.Z.....~..K.5.fm...&}.ARx.2..4[..n.].].._...Po...u1............z.......Er...F..=.U~..E....]....].9....L.. ^/&...d.o...:.]y.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37302
                                                                                                                                                                      Entropy (8bit):7.995291747962986
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:0JgWSvG82/m8hfgCXk+JOam6VHC+ArKWYd0VAoKpi3axKMw12bzezBe2:0JgWWCmSnmii+ArXYd0yoKWBMw123ezr
                                                                                                                                                                      MD5:0C8DBD58A0D0353D374AC86A224297BE
                                                                                                                                                                      SHA1:7B2519BF7767194A63B421B5162B79DBDAD0738B
                                                                                                                                                                      SHA-256:149DC078219C86BC92962E067756877656897EA1B3C856F5CAAC0D7E4D678FB7
                                                                                                                                                                      SHA-512:EEFD84B86CAD5BDA0A873873E05C7DBF044221CB0556647F71BD0B50D1C73EFC507894B7BBEAB8E7A5F54525760953C26D181F26930ED77D28507831ED7E9501
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:%(.......4..B.L....1.....HWFn...X4.....e0..A........F.-..'`....'".........?....g?.&w..C5z.._.h... .&....H.".D...........t.,.}..2>...)..%...U;.g4.....L#~.<.u..K....Q...y....l..]..Q .....x..L.~vp...1:..nB'.Z+{L%...`..7..FP&.c.....:.l.......Hvt.\a.......|.."\...[B.....e..~..,...."..Bq.A...wp.....pi..#...A.V".z.O.K.0$...0../^.n.w......."R..G.i..!G....,c....8..kv.G.A..N.=.9.v..>.?..r[q..+...[ .9.c...}TU.......:z.".,.....F5.I..y._.8j.x..!..i&....x.I)S.38$..,.1`@?...q.l.p..._..p;...?wn.+...:BVD......p.g".e.}./j(V#r%C...!.....Q..$"...r5..6.3x..pl.o.7.^...........,...y.<.m..(T..YUB...DC ...W%.|/}..h..$.4....bR$..Dy`h.`..#.b..N.y_..Gy....r..c.Df..O9..*...o.t]|G....L......i5O.x.....]"...`f...a...Uf.2.....K.j.o....2..S#ENBk43....n....K...I..........>Ty`XO...O..|..<_.7n*_V....L...r?m.Vm.T^....pl.1.B)q8...M....`BS.L..H..{..N.\1a.7....`)T.p.......0.8...l..C.O..........iA.@>y.).a{._70......G...%...5[....8^....5...-.D;......Vu_.U../"17...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37304
                                                                                                                                                                      Entropy (8bit):7.994549994292156
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:eK2FJm8W/3EGuZMLowO6ilK2bvpWDWAqtmr5PwwQ:VylW7uZRwsK2bawmlDQ
                                                                                                                                                                      MD5:CCB4A60E73E0B50CE72E71B9E48A4B78
                                                                                                                                                                      SHA1:35ECAA0F53F89C1F0A53ACA853B2A5B4A02F39F3
                                                                                                                                                                      SHA-256:4D6D0FC8AB6A69A90A51962953C42DBD241E0A15272C42B9E134D85B8D0A4605
                                                                                                                                                                      SHA-512:E2649E41635591FB09DCAAD8918E990EB7FEB8327568303203AB041BC7E2F0E45226B2C479511D6950B441F6021C543426A43269C1EADBD1D767B189C471AB7C
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:..#||.....2....Q~.....*.*@|.'v.M.B...F..<%}.[Od."........8H#7....L..J'..e..x)W.Vs...i%.w..R..y.|..U.0...A.(..Q^T........56|>4^..$...g.l..W.O...R.l...EA.......l.g.p_.....L..L.V1n.._...T.-..g..v....z#..y.Q..{&.VaJ..........H\..S>....{...0.k.=.;..e...}.)....(K.T..5.b...E3..m.Y;#...].-..X..7U..Y.`D....dEy..)...e.fXLo..x.g:..E..-..Wd....P.fm..w.P.....M..Qm.I.c..}|A.],...j;.;....<.d...v.0..^y.y.5.......@`.>.X.k..g.CL.}rL}.bd.S7.&A[PY.0.@.g...EW.r......7U9U....y..$....)V.5]n.]..%.>..p...+....d.sJ....#.N..@t<p..,L.}.../..w..t.....x..sx.T..4..<..1h.......].8..!.8.a. .......D.\......'.!.yn.a.0sC...w......Cz.u........._`I|n......?....HQ%r..o.g.J+.3...<Y.c...`g.7.:.>PL.(eV......\..m`...)...YB3.6.....K.......)....W..GT.QAg..i...:fd&..R/........:VN....,A;..jY..Y.4..z{........K.^|...........LAE...!G...Z.8`....i+.....-4/{c..8)R..5..o..ly...l.S.#...uj..&r.0......h./...Y.(..iX........R\.V...!.`#.%.........~.......oE..v...e+M..C.|...S..o.u.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37303
                                                                                                                                                                      Entropy (8bit):7.994976887736
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:JHjWud+dSdRGcpZfpULVcFkY3ckUXdNyQg6xx/UHE3L2J8YFjuu:QmYOGcneLJY3FWNy76xxYOLW8YFB
                                                                                                                                                                      MD5:F4BF7086D550034B002B70A67ED439E7
                                                                                                                                                                      SHA1:D07D0ABE671E7F1798418C59317D5EB6696FB7CB
                                                                                                                                                                      SHA-256:1273295782BF3C705A576696E9F6BB37F681D4D8A452265EF0B2517335EA2900
                                                                                                                                                                      SHA-512:4A06511CE8B0A9E62A6928C1515F3F1C47C3FAE386A07AF1140050665D71ECD2FD790CC532937188C18FFD0B11C32200583A12F2F1E429528B9C61210CDE513C
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.X..q.....)..pC.....K...."b......~/.oSf...)....(7.'I!......{..NW........M......Ty..Q....2t.j.).{.d.....)....j2...l..sg..7E.]x......_h(=,.%..0j.M8...7.A.T.....p..$%..5.W.#.....I._..d......%.?.x....1.X}.....:..B.PG.#...9j..(...%.9f.}.6f......x..N.EG..O.jE.A/s..LP...%..;...K...z..gL....x1.S..M..&2H.Zc6.w....2.3G.'..V8E....i6._QC..R ])c....b^....x....9m.X$.Q...$.....Y.Nw4..?o@X........~...e.qh...x.oG.....x....9...G.Tx..P....j.^&d...8...\..._..N.35c......dC..,.4...D$;.g..81..<P..KJ..C..}.~..#..bFwYF.......;.w(.J{.HY.v..E{..l[R.&.......uQ%L.......(=9.......... a'..j...e......c.v]|/Lw...X.V...$...U.......O89.5.2.. ...h....n*+.C......b5.Ky6..2.4.~.1<.......|.... h.%.Arm..3..?Y..R....g....Nn......c..p..K..@....-8...G(....@g..c.Ggm.E.._...iJ.l.i.tpH....z.......x....X...&{..|..R...|nI.N.OZO.E...x.D]:r.yN..R.."O.....f'....m....B.hd5..A...=,&.5d.6l|...&z.1...._.pOR)Q.........s..:...hn..>.*v..sT-..|.-!...{z.2G7..3vl.B.}.....^<.L.F...1..2.....)....A\...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37302
                                                                                                                                                                      Entropy (8bit):7.994634396376179
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:Ct3u39k6a09T8xPV6JN6z3mjadsbqDBO+GHh3RpGiL:tv8KWTQ2j+B3/GiL
                                                                                                                                                                      MD5:B89BD845BF1E4C7BC4EA6C26BFDFF291
                                                                                                                                                                      SHA1:1E3C8ADD9C710F100C3B6396190D3F25A2FDA7C9
                                                                                                                                                                      SHA-256:52821F93113ED624EBEA21397C827A2AB2F77352DA4BB103DE3FE2B40B54786B
                                                                                                                                                                      SHA-512:DDBEA3B06E7537C6F38E51B681AD20AEC1826DA8AE96569EB6386126D687932544F88368176EC644C87050CFAECB675E4720FD35BA717FE62AE3F18EB1366283
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.`.FZ.6q&$Y...A...q...;....#."v&...S..:.]f])W....A....E._.1.U...Y....g.....t&@..W.o.EQ...m.-._...YbMn(.dU..._'.9..%.(...I..y}..#".z..H..2......,.G.P......QVg....6...z_H.#J.....jQ..(Q..9t..9..@....,....:.!9.;...P.f.5..n.7.D.np.=...._....\...E.M$`..j.%.W.)]..H.N.~r...oY...:e........x.@..-.n.....^.oZ~...8.TI..W.....L.7^.O.59m..7C..k...ppuTn@'...`..7.8L?.}.v.a.f..^`".,..@.RA5a.[..b.'U5..q#......+.x...QH. ....f.*t1.[x.....Ep,..\x.!w.b.!.la..2.W. ......T$A.4.[ns...*l..j....^..x..4T(6N(...Q.b..p...k...../c(..B.H...h'....p...C...$**m.hd..|......mqt.........j..-.<.....`..b..+..I..v....d.0o....7.:,.d.z.+..!../6..Qw..S....^............\2.....7....=N..5J.8z..8.c:.O..'.T@..C..q).....L.w>ZBl....H...f....0T-.:'....|~.}.M..*.Z.......bu.{.g..L..X"bN..Y..*..........~...%.<L..f...`.;..v....W.@..rjP.:...:.8...wr..w...emLKvQ..G...Y[......R....w#.mG...[....-.7v.cj..f_../..+)....&..~.......&.d.I..........`.A...i.1...../q.f:.K^..1.(..E.NW..!..m..t..Y.8.....N%n
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37301
                                                                                                                                                                      Entropy (8bit):7.994531308680084
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:quTvuprV/SxD9VGn4PtMStP8ANwJyfiYaQVb/4rIk6Df1/8SCGH+7k:quTvuprdS42FPVfiYaQVbEIkIGxGp
                                                                                                                                                                      MD5:4D2657B4CF93D63A72AFC47C442CF39C
                                                                                                                                                                      SHA1:10B03C132DA4B8A1A7D38A8E7B8DB07CC2E83AE4
                                                                                                                                                                      SHA-256:BF91598AE29A287610EAF2446649F676447BF561BB069B72CB37B7FA489A774F
                                                                                                                                                                      SHA-512:C2835A048E20F89DFBE1E61DFA847483BF9051049B8314C9AC351F7FEBA8C2A6BCDFF9B13C36064D741535F5DBEBCBA8B979BFE755D5F1BFE87B7CFCF83CB545
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:W...(a.$.6q..k<..<g..+[_........T._..\..i@K.z.Z..?..h)d.:..JH.j..4y...vwW..w$*.E.w.. ?.F..S......zi:..i..@Z.(..?.#....]B.6..V.J.B...$Wa.o,91.........b:.i..........Y".0y.C.bWn...[.`x..........'..9.|.YY9..Yv...G........g.2=..[.p.v.d>`.U....IT.I7.>.6......KPs....t..8Y...0....nH.W]s..(...........(.2.t@......Fg..J.....u......0..w.L.=<....T....O1b....2c.....'W...n/[..3..(.....oY....2.qM=....aQ...G...b..h....g.2..&.....%4rA)._'.)....9..".....O.Z.......8;.m.8W..1a.j..S.......,.Y.~E....h......<..y(....D%_......T.S...t.hL.iPA.t......F....+l.......&`.....XV..)!.!......>U.cd]...n......)I.\B.D...<.......&.u.rY...:..`...z.\..a..........>.. ./0.(U.%.]..T.....9..'.Y......^Dl...#h.Y/Cn].B......N.U.!...~i+...U...X..W:.......6..'t...\*Z..6.l....x..+*..00.|T...1.q......Q.w.k2bRz.....+.."....7%.x.m.?BP.[..e..F_...q.w...OX.?.....;....h.8FR..!...41.w.R...8..V/.v...ttsHn......E.e*..fn.a....C9.].a......O.eH..$..Hi......[.h.~.....:....d..9..8.*A~E..f0.O].P.mei.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37301
                                                                                                                                                                      Entropy (8bit):7.995607506349244
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:QjzMJTOds1NWSLfixPay0mruQr24Sw9vqKs2yIpwL/5AdIfkuas4JU:QXMJ6a1Yhsjo2CB3RyIpw7ghsCU
                                                                                                                                                                      MD5:DD733DBD75FFD8F8480AF3E00415E03B
                                                                                                                                                                      SHA1:C93B6A2CC6AB8EAEF33F95C7676439C177249C91
                                                                                                                                                                      SHA-256:C205FDAAE77F6D6E3DE5562ACFCA079689EBDE86C0E3E2E6DA2AA38CFF72C860
                                                                                                                                                                      SHA-512:7DA61E5C43E999C7E36A214E1097EB7065A53BB87C27D95583CB578DECF182C37FD9DAA1889D74446C4E76B1D1BC9B560A70352749D2649F7456C4061549D360
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:..<..J............!.^o....h..R}...n/.i......:.eu..:..s..t\/H........G..q=.u.M....Q...........;.h.3tz........?\..].X.8.....;.&..a..Z..Z.....w.-D.....m^b...D......Ri...{....[.`.0..\..P3..I..0z..%.s.1..pI,.~!...4..FH.....H..J<..T..5...i......+..h'.Z9|./.{.........@z...C..,.]>.*..88<..N..f\...2......TX/F.H.g.>Y..Z......7Z5 .EK9...~k.W...q..[.}k.<~...b..$....{...3g..V..i.+...|.6....a.........Xr...}i>...%y+......@....0...x]..].<.........t.........\R......s...j.p .z.J;a{f#v..H.]...9.D...nQ..{s\......G..?:...E...O.4,R..8....]..=.uI.O.<#"u.j.x........F............8hXcc.or9...u.6.B.....4.*....iT/pL>..R.qq.....Nrw.7~.-.tc~V..W.7.qNP...3..@..?.\..?O ;../....Yu....8...r..>CP........n....y..h.C..iOs/g...W.<x..l.XE...+S.8.n...}L.wF!..D>.........n....2...@..<o~.J_...?...u.uf...7.............6......R...2nu..C.S..Q.:N..F.W.\.C..,FlP..T...E..4.....KF-."c..U.g..Y.ogh.W.].V..O...f.Y..V.o....w8..q.o.{...".M..%...^+x........g.v_.u..... .cm0+....fb.c..U..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37302
                                                                                                                                                                      Entropy (8bit):7.994513763423249
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:l2oTnwMswJ+R6JbLGFDJSmrQrc69CxARDxTAp0mn8F:QdLwJ+R+bgnUzUAjTAGmI
                                                                                                                                                                      MD5:48F8FBE86D59EC68CA2DDAB0FFFBD1B3
                                                                                                                                                                      SHA1:D1065D84F20ED76C50C248CA2A346354F313282B
                                                                                                                                                                      SHA-256:BC5B646FE9653A903F5DC1F3D7946A9FF86FD4685EE357562C448783AE4AA756
                                                                                                                                                                      SHA-512:9154409A70041DE46D19E239A20E9FA18FEE666A58BE54FEB6EBF67F11A506D050563AC949898B4B8807C32C565AE7805031EC38CF36E1E5ABFE064DC515E26E
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....$..A....T..!.[$~2..Z...m...s.t.<.k.W.9.....+%.&z..:...n....3b#...2...........R...2...>?_.......u.~~\9..j.8E].~...V..3m|.AcYA.Ja60..O....rnj..!.6.L.Y.cH.S...{d..(:...L3..V...XA.Q.Y@...d..n2.....+..\..~7.!.0.=4g.4A.U0U.!m.......2...pc...h.o......Nq9..u...s.. u.V...?.|v...^.9..B.j..yw..!z.............O..q...LGP..<........u7..q....~..Y&.M...4.t.l.5."............].a.....2.....J..?...f...x..vm.$....xl.un..[}T.>nTF1..K.t.>W..V.4...h#..}..v.r.ysEH....e.&hb-..#.'W...H.U..}........n.2g..y..{......../}. ....5... ..W;n/.J..|.$.!.F.+/9.R"g...w...a...=...|W.$6.(.]&.o.+<:.H..M.@..D0.Mmv7....N.-.#..n.E......v........sV...d.;.."..Yc....q2..L\..-.I.p....30M8..w..=..0.v*.WL.S..5.uMgU.w.u.o ....v'...r.4..wl.H.Z:..p.|H.....n.$sz.....i.~.6.<..XaqGC>...G..8.sJ...b.>7,...(Aw..~.]R.....s.....H.H.."a...ME...Z...a...].......-K....%.g....d.....|.\........V.=>.+.&n9G\..n&.b..!Ip.r0[..<...(=[K.H(ME...y......vH...be..6.@...[..8....2.u.Ek....C..%.....1}..uNU.z.kN).XD
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37294
                                                                                                                                                                      Entropy (8bit):7.99524101689912
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:J0U7OzH4s1et2Jl3P4VmRtO3RGjkSrt9FcPt6:KU7g4UJBVJMU
                                                                                                                                                                      MD5:671221F20CB618C240A7ECA85E2436A4
                                                                                                                                                                      SHA1:E32068CB5490E82EE561B3DFA5968B36F267D77B
                                                                                                                                                                      SHA-256:6B371EE5A8979D0CB00CD479810E1CA73E4A25A084FB22161453C1E0DABF5E2D
                                                                                                                                                                      SHA-512:4BFD759C1F21322A89A7EBEAECBA123C453E45CC0349FA049CA48D214A9672EFC64AF93D6F949B6349F729FEA170775C2223A10C215FA7C930CC4258E11B4330
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:....L,E...5..v4.4.\...,......-.UL.].T@.a..>....@..=9...Q..t.......vf......B.z.....s|..g8...:..4....^.b<A.'.x%.S.Z.(...b$~e..,>.E....?.?9.v9...!..E$0.....,Tv..f+O}......|.~..I..XFm|..c....V.yA.8(.;.'C.....s..|zK.._.t...I...|..~W.4..5..-..E/...%s9....90.N..q.n...W.)...OZ..u......@..;r..p.....z..j.C.P..>.{.h.Sa.VO.!.ek.....D...<h.Z..y3.f..z.jP..v..4....,...H.......+.....1.'....Flb.(<.".....$..rx._..-y.W.Vi.!.:.WO.>e......o}3..@.b8..T..`0..^..b.p.g...*..D...iB._...{......."tF..i...4{...%.......H.f......g_...u...........7...w+Mu=W`.#...x.0.gwN...g....).$..kT.u..j.........O.;..n...5........mw....>..C.Gz.6..nP.....I....8...n.".XO,.Kn...h4.. .=R.....o..D[."K.}..W($....h.,Td...#....W.m7....8.6.qu].fa.!...Y......E....E..J..%6.td.x*:.f...mQ.K.9B.?...AD.I.beo...D].....M_........ :~. .2.b.q[........Ol..,. .jW..bjN..n.,9........a-.%.XC..A.,. ..~0v...so..X..fH.......9../....x..d...D.4..Hu.03.././...FqR.Q.5....n-_.CBd...X....[R.m]"*A.cx....[.......KF
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37312
                                                                                                                                                                      Entropy (8bit):7.994576188944266
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:CughQwEy0I18etvFXnUfyBJuwDMNnk3CRDZrK9X2STQrbkf:CugiRy0e8etNXnU6BJtMqyRD9K9X2STF
                                                                                                                                                                      MD5:659C248F86E16441AF87C24A10B40381
                                                                                                                                                                      SHA1:BA6329C18BC7384F558C926F751A064958D6D503
                                                                                                                                                                      SHA-256:59588D0E70E5413F496B89890E1C2D181EAFD62F10AF1476EDC43BF0EC8988A6
                                                                                                                                                                      SHA-512:EC6E76AA8F55C6362D8B1B24C61C6EC1649A852809DD7B0776ADEB700A79E82AE6A084F582F78F17A7E9CF2E108C5847477E743A065F922F2F692C684F85B63F
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:ryf4`..j1....K.JtT...R..W.#lw......[}..1..&.9*....!#...8.Fk............|.....D.zci...3yYsJ..y1.i...t...~.*..4...~.E..p..o...\N.MO.Cin....R..>....pHcx....k(.....I..O....9.s.51....z'............Y..$..9.l-B..xk\...6.g.MH..=.7..;z.^:g..\m...-.I.ys~...7..f.%.w3t)F4....|..$...1..P.`.b....#8'.....m..n4XZ.nR...4....K.V.!.E.q\.....wF&{.F...c......F=@.w....z......oW.....d......L.;S..SL...6z......,..^eX..Z...O.@.:..A0...BQ.CV...".h.e...q}*>p.:......GS.#..z.bJ..51..-_...15b...........*_....p.>..G/,.......P.K...`.TB..c.K...S..yeb.&69....~`...g....m:P>*..K......(........U...>....\.h.x.]?..5f.Cn.....<.X...t.~.....&. .3/.72.A..27.Yb.c"..G.....a....B@..o..ib..X..t...E.2..\...d.UH...........Ib.p.'.)q~.D..v.#....q..#.J...G..A...F..z..0...d.....!.......g;\=5..uHr...=..&.O..**..Nz.`..1..5W.t....../L3...A....~r.86..:.~.7.Y.GR...$.;E8....!.....Z.'.;..G...1C.p.;x...a...s......*i...:...}..3.......U...n-U....y..K..R..b.3.t....~.e..I/.d)...~P*..(4...f.A..%d.*.N..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37294
                                                                                                                                                                      Entropy (8bit):7.995772947604768
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:p/g+zF0FPhh2xdUKlVrtFV9dilmNMfUIS5W0L56okZ9y7ezAYj:p/8FPhh2LNFPdw5cISE456n8e8Yj
                                                                                                                                                                      MD5:4BBD87ED497E787A8DA78B04AB8EED86
                                                                                                                                                                      SHA1:8EA12314BFBC28D248B97A74E143967F7EBFBA6C
                                                                                                                                                                      SHA-256:B4CA6651846C178E0233BBDD07E43162EF28F69036F4917680611224A612768F
                                                                                                                                                                      SHA-512:00E3F08C44C8F79E780D3160C7E96018E71CFE962B34F73F19ACAC6B1DEB14807AC096C89F7492796B414095E119DCA5B1D5010C06113231DA08D37D139D3628
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:r&C.Bu......z......0...K..+..=w....9..y.dU.#.. =....K....h*.....3..y.)...t)...X..aZ.t...e;O'S...,..r.G0...TI5......^...T...j)....F..;.PY....%2...E..wdR.V...?....(.a.q6.-..Z..oJ..E|........J..S..`?.....X.5...GH.u.3...6...,..W.17$uN..k....O!..=..X-..:.....*..YD.j.%..QW\.]..Q]..CW.:...Qwr]e...G5._;.....%p;T.(....~...V...z...\.V!.5.O\.....g)rk.......=..p;..)N'.).....v.oS\%.b_.D....-..0P....X%n7].4.4.oZ.....n....1..nC.V.r..i. ..6....E....?.....0.'...QHf.H..44..v..."......S.1.<[qq.)..1?..5.\.'....A...\..4|N-.:.A ..8...L{.....U ... .IW...i.....w...L.......i.0...+..yg.0M./...K..H.._.B.Z.,.j.x..8.L.MV.%NL#...Z.N...3..S2..z.`...a.%f...m....`..8,D#.v......QX.]..Vb.....(...j....d>.(..A.}.W?........9..va.w.u...C.P.._ljE..'.7..X....%.z....E...B]u.;...MI.a]M..T+...6.....{.g.6.E.(o}..sf.D..lr...H..]x..B,...al?mElNT..h@......&F."Tn..$`+.}.x...Wa. ..e.V..Wg.4.]O....f.K...?.....+:.+...`2;........._.!.#.OhD;..=.f.G.!.J...c).).....x.....#.......p&*2...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37307
                                                                                                                                                                      Entropy (8bit):7.994745181304246
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:V8RBOXSptBaMZEBicwI3wJGkXxoWj7Dxq8BJuySAfbcnr/eirLaGM:qRAXS7/2eI3WGC1j7DJJupucr/eOa5
                                                                                                                                                                      MD5:5A7B077F92773121335CA3BCC9F65FAE
                                                                                                                                                                      SHA1:C7457EC2098610F36BB87083069CDE6F8A7C20A6
                                                                                                                                                                      SHA-256:41FBBA1EAEC548CEFC26A1A8376E8B743AB022EC61B89B8C7E7EADF2181FEDB4
                                                                                                                                                                      SHA-512:1A79EA573D08CDB1D5D1138C40164F63BD0A3E181A2EA8F0749C9F99C81458BCB50EC72576ADAB6AA29A9D8241FCDB013E7478978DA0B80F5CE70613F550B4D9
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:C....\.zm.U9..q:......xT.s..[..7..8......sM...xS...>.....M.u.8.:.w.......+^.LG................@.Z.G7....*m%.u0..O.I.2.~..$..X....B.....A2...Tu.e...'.l..'...).X.L.q.:*..A.......4.d..<.D#..T..t.J.....eK.<lxA...,=......f.fv.W.@*....K...#..<..T.l....w.k....|...)uOD.+.!.K....j.&..e.*YCd-.Y.m.j.T#.\..d8P...S.7......V.g..K?\..\.r). .M.@.....IA..r|O..l._.nL%....*.....,.G.9...0......'...p..y.|6SY..p.A...]..`....OZ.}O.d'.4A.'.......?....z.C...k.!..2$..X..q3$>. ..%.H....x...`."}^..D.....]qx.6.r. .,...%JB.......O...A......pH...[n...4:..P........;.>.z...:O.......8.-.#.K.^..1.%N@.g.|.2,.r...`a-C.7.:.I*.....}pv.J..+.cXe|Sa....C5..1.k........z....\.zU&.#.....g.H...4...q.7}.......-...s...].)...I..P'6{.)..A....,......O..Bq.nDx3.)..(...E.....b.....T.....u?Y.,'.:....=.y.\.r.'.~.O..Ck.4.W.o..X.....<..../..2.!.d.V..~..A....x..gQ........x.....&+o.d.L.....4....~RF.W......q1N.......s..u."..tm..O..._eiy.<.........5.f.,Y...6...L......._X........c?.Je
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37301
                                                                                                                                                                      Entropy (8bit):7.995343768361638
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:QwYGH76aL7nsOdDq/Kg64NexcEWkRfm0MKem52dPPfZWTO:QtliFQSg6jx2kZm6j8H
                                                                                                                                                                      MD5:5E0F87C44712985654CAE4374FB33B12
                                                                                                                                                                      SHA1:E8676B615AD8D65A7E93E1DB2CCFC7B3FB903DD5
                                                                                                                                                                      SHA-256:2F4218C474FDDCA1946EC4BA04068B591811A32C6463475757C110CF72B754E8
                                                                                                                                                                      SHA-512:1A9D921AF70B51C328E4ADF0E809F255158C6831D3FC14A51149C7EDAB8DA3FC2B9CFFBA99E65B64ED85AD1A981BB7DF3113A52B1B316C836BB37D5AF4446E5C
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:....5.&...fR.......0..<p|L...j....}..S.....s.>X..E...K. .!...l.az7g....Ln.B...%.....J.vGj.*D.$t........>....]YEKv.....z.....A.`w..+i.x.Y...~Ld(..iM....S..0{k..tj.LCX.Zl.A..|]..:....Y..u.Y.P..D8.l...Xe.....3....Se..\v.9F2X@-.._|....3.N. m=(z..`9W..J....p.....X&....p..3...Ui.oD...|.+L.=.u......_...2..}by.d....dBe..6.L..4.Y.y.(.^ND..8w...:Y..Ah2.n.Z..L8......-.....~..ar.<../.k..j\n.2q.i...).........D.sI|."...?#.f.........A...E).y....-2..;..?t.:..@.......cz\G|.R.W.P'.}s.>.....E.,...mBYX.A.mR..!..lwP.#P.bn...9e1..|..g..[P..u.f..<6.Iq&-5....6`j....../.x.Oq5wC.....z...ur.*..CQf..../C|U|B.d.. ...O....p.s.......;....S..#.@..zD..f+.Y....8)..X...3_M.I.7.....^.ZJB.............ZO...j.z...}.1.Z..$.,{i.M.*...?.....@.O....E~=C,.*....g..u.].......Lz.7.(...~.Y..v.:'y.}..R..#.P..v..(....5.GZc..L.R..Z....V...y.0......z~..=.......7M.Lu.p"..rE.A%..n.I#.4~p5...g.J/.]+vg...Z.L).U..xw.D.h...p.>.#.........{..^u.q..I...4M..X6...GE'...L.]s%........Y.....j.c....X
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37300
                                                                                                                                                                      Entropy (8bit):7.995010298369252
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:70cF8tkOxJdcRTiZONRWMv70PIhAMXAgzJNXLhXm6lh8gFE+KBsx:XF4xJdcRTKONkMvLjznLhWmo+J
                                                                                                                                                                      MD5:E0D2B5DC3B82E80BDFD4D200F22C517B
                                                                                                                                                                      SHA1:01E60861C62C0838B3F6E2270F57D12DB907B579
                                                                                                                                                                      SHA-256:74BC8A1F8645D60E3CD3755C39AA81DF82A77CB52B61FA028A397D6B53317E44
                                                                                                                                                                      SHA-512:18354D6E76563345AAB4662702E5EDE0445318830D359F845D5B244EBFA01CA3B806F5B9F7B87992900CB885845A4E1707CB0262BFFF7BB1D06F6398F2FA4C4D
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:K..S...R%..?.*.y.du~C.-.....h...P,&^J4...G.c......6.S.......pM...@....Ly.FM$`..P@>......a. I..R..P...?...s..9d ..S.U..N..Qn.G.....D:..Im.......9l...#bJ........M.UU....i...`..L...U..&F.-.+...,.......'(' .....Y|.(B.....'o...i<~._....{X..6].....p.......*.(R.Y.....f...*........`............w...F,.Cd3n..i.....$...../}.%].9SN.........../x..0..4?..U.A..RP...8.......I.Z].....)..6...4[..r.m.G.t;(.G..O.......I.0O.r.4]o.....A#.=Mu..\pq..f0.6NYS..2..C3....e....u|..,..-W.h....".B.H_.8...N............I..Q.$.bS..@.;..Y.qp.....,......i..y..r...+..5.kN......3Y.p./'..u.....3Bj.>..._..!.E.-Q..U..Ln..v...|4...J..........OS/h....N..9+..%T..'..lx[c... ......S....r..."..e..[..zx..=...J7..5...t.....(..1.Cs.Q<.......s..w....B......>... .~.m...8..O..z....&...W.z.....4.>?.ky.......3.G."...f...].Mx.E....3....F.k......_9.[.B..u.!8....N..p. 8...bST..k4r&8)i...LF.L.w$L.e..6p.Us.$.......?..cR....C=..5...)...n.}t..$.Mi$L...-s.d.*a....6.a..U7.b...._79.N.l..3...@3e.7`L.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37301
                                                                                                                                                                      Entropy (8bit):7.995311557154021
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:dKXXdMvAxbDfqZNu1VzjlvIkmQZ7f0myzkQ6rKYhT1VHFGlqhOPRBex/:UHuqbDCZNM1jVPlsZzktBT3Gq0E
                                                                                                                                                                      MD5:25EF49E81B4774D59A8EEE12FC0E35C7
                                                                                                                                                                      SHA1:5D041113F9BFB9FE00F3ED8F4E3A18C71FDFA6BD
                                                                                                                                                                      SHA-256:529230E3E1E5ECE3FDFD784EEB05BEEC3CFC2756953ED24DE5EC0778DEA4C0C8
                                                                                                                                                                      SHA-512:B992377C77D97FA52EDBEBCDF2BB7D8D4C2EE5ACD93A78F1AD784AE3AF6AC0A1197AABF4F40881C1CDB48C86915675C6F5253FA12D395F52580504CE3AB8467C
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:...NV.Z...;d..>....jH....M..-...4..&5.....JdV....T..'l....D..t....DXW.@\...Z.`........`..{.i........L..E.@l#.m.Z7......f@)o.........-...[..#...i..;..1....+..M?b>e..gLL...~h*..s<..D..D..6E..&...h./.H..).G.{.[.o.Z.....OR..k.....2AH(.2h....i.Q.........F].b....E.....2k1@.....;.W....~.........3..j._+..&...$...l.....m..-.p.J.....8N..B..,.=}>..S...U...s9Q.c=..C.W.}*'i...d.....6.=....A.g>Z..*'.|..?.y..G*..~....}._....D.y[.m%aQ.FJ.W.(B......_.....V...<....DQ..cN..,p..~e.L4TJ....4...B...#..2.6.......0IZ..2..t......9.mb..:S'......./(..t.udR..v!....,..m-..@..\.q.p..}Y.... .H...}+.v=*[<../Ll.....8.`...+..v]AKm.q...'.S.....*....d...d..NZh..v.1....J. ..6.....n.I...V.;.c..SJ.n.xC..,...;.....-... P=D<..!u.....g.....!...k.$9.E.2t..k.e..J..6c>.;kT....k?.f.5.....l...r......I.o.........+j......\..w.N%...o.q..,....BPyS....5<..g.*9.S.imX.>..E.3..^...).\..C....KY.$S.2k.l.,.I..... .l.;....L.....UX.1=^.>G...v.....5 ..U.2....1.....E\.dA.k.......7..>.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37314
                                                                                                                                                                      Entropy (8bit):7.995464823303557
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:PHIZnds3AKgyj6mEhI0a1S1zm5Q0N0RHkW49jv2O2iMKOB:+3xy+mP1S1zm5TN0REWO727/
                                                                                                                                                                      MD5:163629452F832403BE4175D4A1F737B9
                                                                                                                                                                      SHA1:B8265E5A5F27AC38DCEB2777FC8BCF738D3C0A2F
                                                                                                                                                                      SHA-256:0740F9C3B7A0B0F55AA592BA4A363B198325738B0B61745FEAB16BD4B3C46262
                                                                                                                                                                      SHA-512:242EB47DBA8A7209A3EE2D1EB8E4AF4BE233DBD86A58D054DEFE9122BB9BF50A52FE5B777056E80028BCA4F5B698025FFD3EA9396B4E7ECE3544299A323B201A
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:...U~9..Qv..Q.....9...;.q1.,...>@I..9...B.aK.*...i.\.B....5.6&.x..3~...4.a........!...Z.I.RS.<+83........**...Q...:i.Y..TtHI.$#R.%:R2...ef..U,v.?.....|[..Hm..&k..f.Sy..D24.l..b...@...A.....c....)...G.u..7....7..:G..u.a#.P5mz.5......e[...?.6...~m.NG......-.Zz.B.M ...bP....!..S....3(]l.D..f#c.?CS.~..u..+.....!A....qS.U.............i..4N..fQw.\RSG.ns.Ic.../....}......@.]....D....e..?..-6.J.7...d%...t.msd...a&........)z.F..T.V(5.Sy.bq..O...L.Opm.Z....a..L...>..Q._.z........Q..Z.O.....a.T).._...-. ..;.....l.-y..j..9AT..1@.)AG....d..qi(...f.c.j(..F.i..$0.r.<....(..H....7<Z.......]...Y......o.%.n]u.S...{......T.Z..2/...n....tI.._.....S.u...&..PH.hq.F.}..X.=.:F=r.A4..B..8......S1..#.A..^.}..o.....A...|...X..p..4.._.T.4Jg..k?..*K.G...|7.2...M..(...g...l.k./H.......O...s.....7k4...S.p.#...Q....7......q....j.}...P.......T.....r.@......i.)._...6y.."5F...f.0.+.........F.l:'3....Z.....<..Yr...H....p..,..p-.8..:.......Y.2..#.Eb.]........:.u....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37342
                                                                                                                                                                      Entropy (8bit):7.995766888570017
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:nJwdl+IuvWyosY2s36Bbnyla4NafrI8kvcXLhIkIbhFSjvpNTAPMj:4+5W53YbnuTMfrs0X10wbcMj
                                                                                                                                                                      MD5:3D2F7BEF909D6F88DC49F8F20C279E0A
                                                                                                                                                                      SHA1:A67C8936DEE0B926D794C2E97598D914D2FE1AAE
                                                                                                                                                                      SHA-256:271766A42F070C574F114D9123E0B0287822C0F1320357859048D96F61590780
                                                                                                                                                                      SHA-512:B505665E0FDEF7B93BA55E681210B6E23C82533FE1146B0ABA02EF7BB8F267B6ABC879C5E03A9537CDE72498EAFBB838070EDEE8CF07380C251B90FF53055AC9
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:b..t\&.T.JZ.....&...[......[......x5...L.u.[J....*w.Tz..,.......9...^.hz.........[2-e3-.._v.=.N....K...@.`.4c...{. ..E..E.,...u...(].#......5....h......f.....,dTo.zb.k..1.0.....a..h..E.4m.b...F.9....FB.1.......rN......*$5..#.@W..*..JY.@9Hd.*...$.I7{.o.].3.'(QK..r.>.o..G.9Oqd.z....s.t.>l.....O''.b.h.....l.G./oH....c.LL.....f&.m.\_..6..Q.KAq<*..$.....o/.K.l{...7-..y[..c.....(...,...........Z.,.z;...t.f.......i....TilFk.v.m.{d.8.3.....8.?..W...0.<.U.e..`zQQ!.v....]. s.......>.DJ.DKMb......S...S.....:.q.q...!G..ho.e...c..:......+.......P2....2..J.-....9.......k.d.a<o....7&..... ...................H@*.(.....t..N.!M..T.H.=Mh..E.gK9/!T..Uuy.aB.H..m.V..Z.8D>.N......@b.x....S.Z?S@...KR.t44,..0-.3:....gHt...w.S@....j.._.\fF.Gp...5...gd.3....5M.F3D...'.;....{....!.....=i..o..8tw.b4...jH.~f.2..[..g...5.K.RKa..F..C-1.YE..%...%|..{....y.Y73..6.!.4.3?.u.E.o._.*?....Y...qM..[.q2...X...;`3..nc...?..OQ.......6...,.*....=Z..WX.5..-?.......
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37332
                                                                                                                                                                      Entropy (8bit):7.994849737346295
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:gGeKEG7cq+oLN4B9XZ+MZ7rndLRjxYth2y2aRBFPWEYRh2CfrmogP:GG7rtY9XZHlRFYiTaRBhWNRhnDHa
                                                                                                                                                                      MD5:8E86D3E1482C7450051122962C3EF0CB
                                                                                                                                                                      SHA1:73515EDC81B9FE4995250D697A11A5AC2B112F86
                                                                                                                                                                      SHA-256:3FCC86F65B698E8E1505B6F5303752714DEAD6B9D78EF2F408942E6C3F158BAD
                                                                                                                                                                      SHA-512:BD62E4379EC17D2568B577519A6CDBB5A8A59FAC3C2FC1C5A1EAA73DEDB0614FCC692647FE1064B02EA34ADF7470DF9546A3DC1AF50DADEA41781879B84BE0BF
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:6....h.P....$...|..[t.:.l....r..B|!.K-..3.#...P0BN....U...R..........O*..Lj.b1y+.H...p..'.....3.+..m.p.=....\d..(DE..@5..@.m..29.......9..$4.Msi....J.t99N.Y.j=K..{.#..v!~.kf..*..,..|....$.7..M!.4.Y|.u.]....(..f.....+...SQxm.../.GM.....'.V.r.......3...+._=F......Bh}d.bOD$...&.@.U.^sE+y...;....)....B.y_..9....?....t.8.,.sY.p. ...L...L..2./.-(#......:..i.z.'......3..X..T.Kpv...'.3Y...xSzA.......gn.U2v#.".V,z..Rn.p..O..Uy...&E.Y..k......*...3......(e..R....(.d....L=...O.\...............0~.......%.{.b.G......@......!H?m....j{..m}..X.. ..e...&... ....w..t.e..........J..u.z..f.V...@..o;.<..dd.A$..P.r6.....B...^..o...S.>.0O.2..0..].}nmp.z.O.2.Y..Z...^1...+...1.}....&V....r.2W.w...f.j@..x.J...i....M&..6.N..t..<.z).....-..~M.\..M..*......U.%.i<I. .`..U..F..(...&k.IJ...{n.m.L.....5..Y).`.t.....B...<.W..sL.k.-..1Q9c....=.P4;...z...\...[...f>p^&X........._..:._t...&.o..........a:..lT<........O.....YI...+..4%".H.<..)..BF........f.....8...^..!.i.P.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37312
                                                                                                                                                                      Entropy (8bit):7.994701831321783
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:cpoSTgMN0WD5rQy27ObTggX5djf1DnRMKEJ3utiJPIDTz/Uk:cxDJhrRDEGiJP4vd
                                                                                                                                                                      MD5:8958A4A2D54BE46D522CED317C3DF6A6
                                                                                                                                                                      SHA1:E2F1CB4244A1C1453160FF8DEA179CFC659D5D99
                                                                                                                                                                      SHA-256:4E34A7CA201A2FC621681A1D31CD6E9C730E18B5BEAD0A696C6E713651ABB0A8
                                                                                                                                                                      SHA-512:8E3F5C31E37CBAF850235D7E4561E91D6E4D328CBABE59C8ADED681EC80F6A143DF2639F1E68126EEAE2AD1795DB5D51C5749ACA8F8FFE0D2ABABB2E45F164B3
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:...h.,...X..p~@.&^C....zY....v#h{.........E..k...V7XP*.J....U.l.c_.?.m..3...I.d."Z2.)\.Q.WG....T1@...i......q.I.7...fb..Ib....G._h.}....=.;.....%x..<.i..Rju.s./..c8..oe...l..!S0.......<M6.Ur.`..p.#....'.....^..tC.."..c..H.........t..tu.....!@^p.Pg8.........Q&........A..{..'q5...x....AM..8.R..o..(..f?i..Is...d.m"...S.L..[.W.U...[U.......RF.[._..C.H..."...$Z....!H1.`.h.$.p.....0.Z=.....s..._.N.N..T...O.......=-..jf...9CWrD.....o..<...A?...h.......ka......y...>.=L+.m.|.:.Z...j..(.....nK~.}l....`.&.I..A2k.=.o?.h.D..@..G......z.....N..mw.< ...).........D.L.{. ..J.E^..\].M....ig..K.w/AC.<k.j..7.......Q.Fmw.I..H_.v....Z......Xq.n$.F.|.0.!./..)....R.....'.W.3..3).PybG.F...bk.,.K......y.TLY.L..KJ.\Z.Ap8Hx.y.C.H.8\.....|2.=[_....z.S.<....l....Q....$.8.,......OD......[*\...7.s......pC....5...u......%c..j<@..$r.U.x...i.,.)A..Q.!.W...h..Z.2....^f!L..JFQ./.W._.U..1@..`.Oy^f...h.u.WX+..f.W..}....&...g..m...).wO./15.....<x.].`.../}U.9..Yg...|..FG....4...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37318
                                                                                                                                                                      Entropy (8bit):7.9947695645096895
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:12Qy0jo8lbmvCOFUVBDTa2gtQTAerULwAPTUQePL3O7EwschRV6:12D0oubmvmDTJa2UdrUQaL3OAwschH6
                                                                                                                                                                      MD5:3DF37A2D6C15DC0EA0BB33DE69D96F5B
                                                                                                                                                                      SHA1:18081D66A14148DD3B5CD151C3F668638C0084E5
                                                                                                                                                                      SHA-256:8185BE3C47B2F21CA5FA1DC91845F5BE3F5D9A63F9A633FED3670685D8470655
                                                                                                                                                                      SHA-512:4E0FD3675F0A0D79DA409EF4F97D7839D827B62FDAB9F7ABB23213EF19AAABFF01615F8E4D8F519E52B8669D17DDE3A83360F4CFAD6C204AC8D34596DFD545FD
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:..+.lc.......]~.....x9.."......9C].........j.V.`..%..z{.T.A.....~V... ..-x.mbp./U.....|.V8.....5...1.j.].<.....6........T..J..&.T..ta.M.^......d.uE.l......B.gk.X.._x.]..r.Pn.U..)j...+.A.d....w..:...+....a..r..62..O.... .0..MEh?=%.U%t.....G..$5>..T[.v.2........Q..&.rh...(....M...&.....A.k....2....5..~y..L. 3%O3.?W..T.n...m.&.U(U9.d.i.]........E...*.u......8E.?0.V...R...0sO..x...O..9.....)D.... ."'..q.....UE.W......]..1......W..SA.p.8:.ymX&./ ."d......b..6.8..m,..A..8......D....`X...;k.......S5.....LgQ(.,* %l.!7.jh..)..u.t..k|..D.H.k.1OY.A=...[.......hM.~...~^.M..F."....../....G...o7.C..>..y..D2.Q..@...n..W..mW....Bf.W:.in......B.f.O.X.......~.T.....D...t.7(..a\2(.z..[......o...>....`....s....B..W..-.C..I..h.......D.e%..{+.......U..-.A.8{}")...0........=.E.......Q..'n.[..>L~..K.Q.|.....y.o...._a.wlcj..N....f.N....I.l:'.an;...\..^T..'"q.A.?..&*DXu..Mp.D.^v".;>.'..ra.c"%.B.......jjKQ...d.......g....<.._.;..../.8s.v.QQR..Eo.xg-.<..p...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37311
                                                                                                                                                                      Entropy (8bit):7.994296225559673
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:6bFWTiIoYQotPjI2o2P3biI7r6zjY49dAptaM6sHZ9aPU/t2Li5h:6bciIFTtc2o2P3bT7mfRQt5Z
                                                                                                                                                                      MD5:A11E37C4DC9CC87C9FA2E7E7DBCCC146
                                                                                                                                                                      SHA1:D6C20F49922DE3E463AAB2AA718BA34169C0E1E2
                                                                                                                                                                      SHA-256:1157AF0B9A265B89E1839B7AB444AC12BA84C884F5FA13C1779F0A378C6799B9
                                                                                                                                                                      SHA-512:614D8A73978F94D5F731729EF327F89E58FD01CF701440563385DFB8DC362F279BE223CCC45564D544E16B6A7D5837472C31AB7BB9A8D9EAD16010FE55385514
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:Z.^EfAN...zAu..C,../..Mx...8..5.uQF.tH.{v.R.ED.z*..FA.Oia.V...S...a..3.Q...CND<wK.5.|Ls`.~7.V*.{5?..X......U^*..f.i..t..{.PG\X.........t-.u...J......7.....I.Z.x...m.@.P.-_.~PD.8.....2...p..z.V..j..`.8|pL=o.&.N.d._,.H......;.JC.....+.].........=.h..R.$J.%.LqMA....x...\>m..U..t*bT...a...O__(.JGeHM3.y.8s...u..1.n6...?..)..y..-z...t..x.P..;c^.....<.......Oc....N..u).....N.y..Zw.z....[....h.)....Y.Xf^...76....d"..|...w./O~.Ii........;e..e.Pyi.}..(on)..zJD.|...m&..{..l.$Jl.8...`./.Q.yC..s....|...-.a.0..]..-H{.5@....7.!....}.%.T......@.WH.jK.V.JB..}j.....;..n.M.../d..'%yd%f.]\-N..Y..O. .....;-.z.fq......"..m....m..).ag5r)>...P8.g.,8.......Xe_...Kzn..4.V^D..n...-.I..t>....v..t.......+m..@V.e._.`....6!,..Lk....+.;.xq.....%..,.{....8o...(..B.. W=..1..!.....\....0..n.s...+.X#.+z....../....WG......k....J.A.;..I&.A...8*....6".3K...v..}r...B...fHC.,....6U.J.GQ..7....e.e..F.KbC.E.!.3..9*~Qd ......)....5^...P.y.1....r.c.~.pqm+.2.;.;.3..D.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:COM executable for DOS
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37316
                                                                                                                                                                      Entropy (8bit):7.994866176879741
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:DX6Z8R8eb5o5mwZeZ9uRX8gpSUN10XtMealUDQtrdNaJBVs0m:mZ55mtZQYye12Ki0m
                                                                                                                                                                      MD5:768870663D14EE4AC8418FE539B940E0
                                                                                                                                                                      SHA1:FF8BDF7CCFF50BA6CEBC07672E79EC8751656006
                                                                                                                                                                      SHA-256:FA5307C69C26CFD5612140F675C86BB3BAC362354ECC698713135784C7F1D9F9
                                                                                                                                                                      SHA-512:419330F92AC1468B30BC4BE22BDD30D6DF1E48E871315E143A6B357C913A0C4DBE3087F6153A05E68A0EDF9F9D1499EAFD8FB1CC7E4978D8CC41C4A0DA4075C0
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:...W..F........^5....y.@.Q...\!..e..x............s.....|].I...t n..RS.|....r..b.K...l.C:...9..JZ.@&J...-...V..@}I\.#'....d......G.Q4..i...X..c...g...9E*......._d.D...Q<.....`..J..p..-..A#G.4;}{.....wC......A...y.@..&...J..N.-.?..X&a.64~........$/.n9..b{...M.P7..:.8B.a.V...6a..._.@....V..H.,..u.8...4..ij...v.}. .j...?.....y.Znl).u..;w.E%S.4..^Q%&K.Sda$.++.~L.U..pt.8$..#.....3.I`/Y_J\..BUOb...t....z8..2..B.+ku.....C...A...{.......@......S.k..}.8..D ..:}.../...**..?.Io8>........0|.uh.....~....9...s...~(..B....l.p.......qU..+.e...+.2..2..S..04..Q......5P.J.....[...i_G..!..!*.gc."KN!..;...KH.r.R.`xL.....).8...[....T)......U]?.&5...9..}.........D%...B..-j....Z& .I`..x.m..G-.&..3I.?D...d"...r:q~......g7.....J..1q...fgB...J6...W\5|.=!ji.g.V.=....!..G../>..........Iw..)....Mx.w.]..M..3......n.y3X$...k..........`...9w^....r..YT...b..&..l.}..'>.w..yc..w.""dDl.]~._..w.aM...A....;f.../...p..7..I(.....y.{.#..b..V.c.].(uZ.s..O.]A35..5>$..R..q4...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37324
                                                                                                                                                                      Entropy (8bit):7.995744360682516
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:qELskVSkaWagEgvD4tRw6iqq/pAVaxVjkcqr2sJOqEsb+bEWwER6SbV:2r7Wam6HiDxsMsb+lwI6SbV
                                                                                                                                                                      MD5:330E144A830953A199E49CEF6DAC7DB8
                                                                                                                                                                      SHA1:8F979D57427511D99F80F8B11CA9F379289C42C9
                                                                                                                                                                      SHA-256:53D4732F1828A3C5C46AF4A8C23C599F156CCFAB9DCBEDF4D8C787F74CFA63C0
                                                                                                                                                                      SHA-512:82B000E0BE2D60109C1669FB569EFB24DD94CE2F700202A886A44F1E0570A93673D11427C0A2259100672EBC7002BCCA21DD60DC5546FD4B2DC2243583F8B458
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:+....wY......=...Gc.Z.....w$o..2+. ...ly..1.H/...+...9b.R...SPR..X;w.*...ks....ip.9."g.Y.I.:Ce...7..S.D.,.J.NI.n .2..y.^\R.=...out+..a;.]...z....U.I........mb.A....t#.Jp..i......*..sJt...$.(.).-H..F?..Ql....).....5n....]w..."<.^..._U.:.-.!.v...&..Q>O....Q$8..'.y.V.....KE.&..........].........D.C..i...O.$......k....[.~..............q`..P..j).du)..U....7P.........XW........!zV.y.....f1.cc.~#..M..@a..q8&L....dx.h......3....z.MtS.1..#...gq.<xM.1{TQ.'9.J.m-.!.H.{.tM".......9GQ..<..6....T...>y.3...ZFT.\...!.t|y.C....C..R..(..mo^.x.aQ......c.t.....:.o.Y...+......=..)..H.(..,..G.....1"..I..@H.X."f..;Y7.@...)...."r..i...Np.F..a!......m..A.b.............-I....T}A...`..}..k_+.{&2...W..d..{..i1.O4\I.f....r.#$J..(.1..H.._.....%|q.>.*..E0.=........&..U.%..+"...%.`j...i4.n7....*.R.H.P...E...c..R..j.u..O...&/.65..uL..6y+..!=..T... Pr....,3#...X.|A..+L.@z.^...~1.....8...&H.L...TI..qdfg....s].&..r..(.5@L.i$3]......QM.`.]v.9u..`/...j.I'`=(./.p
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37305
                                                                                                                                                                      Entropy (8bit):7.995135867553041
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:/a4igt0vyH+XXgsVcJLSKUZQivuzAs4YTB3GyXGmn/gv85wFqkw7hq//qiie:/a4ie6u+XTILSKcQivmDJTNGy5n4v85c
                                                                                                                                                                      MD5:42C9D534C8D01FB39B83481F4A07AFF4
                                                                                                                                                                      SHA1:2A6C27BE30AE17732C6C59A9494C3A77FDDD85BE
                                                                                                                                                                      SHA-256:7546A1250EFBA63DD29D85A4856D762CF503392AAA8FF8D92C293B8452D41BC4
                                                                                                                                                                      SHA-512:B0D89936AF9875C8E89173E09488E34F777A6F58F2D71EBADC904FA3E31627AF146E00B4980FD327626119FAD8E2C08EE6A5AD57833DD74C6ED4DF6B116F1829
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:..yi.kI.....p..cqK..w......#fb..BB.ed6.y.|3.k....P....EA..Y&v......;F....>./......oX....m4.A#/.Y.B.......T.\.K>Z...RrB..5c....(9[l..Y...Rp....\K..X..*..&..D..].h..S.''..>....J..<8.?....}..h.}}.Oi."..i..=....`..HN.v..Jq..iD.!..zl;N,oW.@.C...........~.X....Q.b..Gt..m.C....B..*.w.d._sD.G..ZU$1XtM..)?.[P..I.a....J.S..p{....L..<d..2.............V#....o.G..8s.....o.*.M..i.iw.a..(.j.......e.Se..%q.1....T.m.W..@D.[..."..-8..S@...a=M9........>.6.c..?...'..e]..g.5..0k...jW"....VJ...J.c...3..m..m....tI.t.M......(.....>..d..>.<.&/.....@..vm.5......z...y.%..j>...C<S.py{...T..'`sJ.lf.z.8....A..?.!lTf.w.....|.z...v..q.J..u_.&..6W.n;.0Tv........&.p#G.m....pw.0i.b2N.y'.`....p..k.y..H........oix \_.....|..u...jo.D.}n.<U.:.[D.l.%n.Z.WQ...4..N.'./X.Z..3#.\....>.u.eT.~8..2.M~.D,..}3c..~...$t..=Q........5G..,/.4\...l>......J.IZH.u.......;...D.....ba.....\|.'......]...v...h.....@.5..p.......Rh.4y.6:h....q.`.C.`{.T.....E,........o..,kt.._..V..%t0..e
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37310
                                                                                                                                                                      Entropy (8bit):7.9958916065938155
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:wgw++y12IPxqcDeADnlKQSXiwXU3mW5NDZRmID3Vh1ZkxFTod2G:NUy8cDjbVSXi0U3mW55F1ZkxFTO2G
                                                                                                                                                                      MD5:08A8A8EC11A5D3BD40AAC25D2FC871B9
                                                                                                                                                                      SHA1:5A1E120E7048DD3E263D5E75B3B4F4449471D35D
                                                                                                                                                                      SHA-256:AA433439502C5B19BFC81CF7B23CA00CDE72488E4DE31874A70C8F812C4B7558
                                                                                                                                                                      SHA-512:C68CFE38F39AB27D348DFB1826A3474DF228CF18378AD7BCD826DA903BAB1A8D2D946A1898DF669A6649321A5158B7EAC0E4318F82AF39D10DC140CE8BF5C509
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:KC~:\FD...D(..snJt.Hp....gV....6.n.U...2.L.\S..).&../......=(...9.F.O.$....s.. ...z..o.....3L..w.IC..."T..{..j{...|...a....&.Y..|B...N....9..6.Q.."...zZ}^..r...D.[......j..`..Vh.[w........Z.eMv).[..j..6..#.6d...c.%..'+.m..f.9I..W.{WVC......[O...B......W3.......~.o@......."..R...6.......lht.X.w.?u./.k.}Q.l.^K...l.N.IC1..Ih..wB|FU0........,.....}.E.k.....c...sme.:.l..p......&.L.~....+.....x'...J.>..(...js...[..h<.:.....tt.@..y{a[..7.]...H..e...o.@.L..U.........../3..t.+..2OftVI...7r....@..6..<.0#9.`7.'<..6...7......;7....h..._.N..)W.$.Z3P..O\lCIr...`.f^...c....y....F...eY...9...L....p(,'..U\Y..Eq[...][.J.)pgXN5S.}.1.....pF...}....O..........b.R.BH5:.....b...>8va.........y..~{t......*..'l.....)..G.d~t..Cp|.6}.....x....v....!.4nrn..v.<i.'&.--<.}.~&q.r..C...e..v...TSL\...8`...-XH.t..Z.y6f...X.e...Y..G.LiQ;....E.cE*6.u.Y...x.>..|vV3..^[....d...:.P..:..(i..Q..,....D.0...m...h...I.@.~.3. .`h..,.."v.T....w.!.}.+ex.N(.8..|U.I.o...t..$...e...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37309
                                                                                                                                                                      Entropy (8bit):7.994145409623272
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:0M+oVtMEfJ76RUPegIZKGnzX5exloWRBmN6wzzQE71bisdZR:04nMEfh1uHzJaoEK5hdZR
                                                                                                                                                                      MD5:25F9D8DCA32679D986ED083B181A9F1C
                                                                                                                                                                      SHA1:762A27A8E22605F704DA96BF013C243EB3AC8F70
                                                                                                                                                                      SHA-256:04B094B7A5412AAC597C4012C9492EFFFBFA1B9534E746A7A8905F586834996D
                                                                                                                                                                      SHA-512:85D210B72DD1DE22B47F08BC5372A98EC08E42DCE04D57033A394F609760C953A0C7E231106C5BE7CE530C0FC9415310B3ABC36722D5FBCD766E65DD36777506
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:D....SJ....>....F..e......".. ..>.........(7)....2'...hb...Q-.oP`A..p..5........M..OF6....W.. .r...V...Dk..y....0Qp....W..G.....?....3.IT......J..........QWs*..... D{.G..{P......5B..fDteSJyL.".......E"6.".@B.../m....)m.t..&5-.O6T_?......z>..mK...YbS..g...e$.^.,Vx.lV..#.yM.$...xV..E.......{...\.^Kw_.}&...Pq..O.u[{..W..c$?l..vS......D...\...)fY.B<..^.?.....(....6_.aT1:v<..L.U.B.W..V.s].....^..v.j.1.....[.`2qY.N$...H...%..[Gt..{.IpG.A..a..1;..!d....\#`..P....z...Dfq..|.=s|\[{o.S....A...,..&k...p.;......6...b.(.k.........,.?.d7..M.....s.b.*..U..H..:...J....u.p.%...Oa..,S.bjQ..)E...L.{6..Z>3.UDAvM..8B.a.(l..n]..'}.W..0.$XLj...O...2-.n..q..y_Z.G.....i.)-.vB.G.R-....-W&=ge.(..X>..NdL.....^....K...l.b-.9...."...J.bju....!~$[F.N...c%!.5.<.}^-.?F.b..5.B....lf.9.z..e.........J.w.5.u.=.......B...C&;y....l...YX.$..4.zV.W.u....5M....V..s..5*.[...P...".........W..s_.:,.s[...sh.Y.m..$..}.W....V..i\..,..q?..O1......)4...C@..#q^A.gD.?.....ZR...{A~'.#..#sq
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37307
                                                                                                                                                                      Entropy (8bit):7.994783898300375
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:h1bRSlsUrhUOKySyZ91YevKLciTnJdKT/yXBI0vUGtLSW/liX5VtvtNniCazUEmI:YlnaOKydBhiTJU2Rim/YX5VFrTEt
                                                                                                                                                                      MD5:2F66FFE81B54844ED300290A9F83C98F
                                                                                                                                                                      SHA1:D0B5F1A1AFC3085140535AA9B181AAEFA09FEB9D
                                                                                                                                                                      SHA-256:5F69C1B5523074FC77A171587D4E59DDE6AD8AD9E4A8CAD3D09043B1B0490AD8
                                                                                                                                                                      SHA-512:51EAB5E52A7734D9E9A8F849F3A95FE21EDCDEB02BDB15DB438A09E0B894FA276C076E9B79425D3A9B3264343E22B89939E8D37C4501C1C430647F06DD543E50
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:rL=...M........V"..l.{.H.*..n.{.....u..._...r...)X]....G> ...E......i&=.."...A...!o...|..K.o>|B.G...x..8.n.l...GnX.....e....:'.zA...6.>.e.l.-.;s.l.."b8.B......^.-..Q&u.}.Hy..4c...?3." ..N...>.w.......?_.....<.Z.....Q..V...?x9.S.d.6.9R.P.E.d..W[..E.Fh..9..%.k...i3....S?=...k.s8........7..h).e...K...L....^.'....J.........]../....B*b...`.S.j..A}H...4...B....d...cGH.3.O[...hO6?V...z.:.iB)/.l..Ytg'u.....Z..J-..;...6.j.....J%=....9.}.....@t.Q0..".../.............q'...l.....mS.}..W.Vlq.s2..D...Jy.q.)....w{....|v..|p..G7.._...n&.y.f._W................yz..eZ..x<.+.j...A....?g|8.N.XE......0k.y. ..c...I[...q#..9...\1......f;.d....)>g=O(.....8.o@..HS....._...z..\.Nu.`y.eR5.n...`X:......e>]..m.....:..."...Px\hH...&..:..;q=.n.;.:.(.....%...-b...Y...."6....g...A.1....<.U.....g!..:%...@.....*...;*.z.......EU.......$sB${x..L.H...K....k. l=D.p.c.E-f...rOW..W.z./.l`.z...d&.#.$J.\..O$.._iL...t..+.Z/..JmK.DZb...W.j9b.F..gp.j.S.S.....+......n......
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37315
                                                                                                                                                                      Entropy (8bit):7.994966202474675
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:hPyV0fLmj589hXhO7kFxu3PQJeMjeWFEivXduvc04kha1OwJR85W:8E089hXhFxu3dMiWui/0Bha385W
                                                                                                                                                                      MD5:3B53FB6F8379D400807A4E9675947F5D
                                                                                                                                                                      SHA1:E363E969C1860E7B8938FABB3D8B751BB468ED75
                                                                                                                                                                      SHA-256:CD80BFA661D6FA9E98D604056E5D3CDF2A0257351F6E1A20EAAB8CDC828C52AA
                                                                                                                                                                      SHA-512:A4C0741858F86317F367B495E689D9F3C8C225763F826ABBFA3B9C940A79346E5E656EAF3D05A03B340257087C970CF1645436328EA56A96117913647C38F0F6
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....X..n'...WxMp.O.MX...m.v...AD'..x.!.'.w....@Q...-.....%Q.1B)..!e...7...zA!.'...!...I.......k...SEqE...}...L.(.......zK;.....Tk$B...S+..6..C'......'p...1.O...*..n.......I.L...Y..U.!.......l_mk......es.FlSn..._z.....l#y.....k.. .......H.u..y.......!B..M8+..7..."u.^..|..&.....j....z...;...\)-.i%...-g...AAS[r......'..S.xayg.A....=.r.x.._.i:..c...H.(T.D.r.;..m....2. ./`..(.@..&]0.o...D8N.N.....1.8..o%.G......../v.i......x..x..?..."..=......*.e.._.j.]W<nJ.}..(.I.....d...#I<o@..W..MVF...$.O+7.y.T..`r..r.0?t....%..{..c.e. ...v)..<.p....w...,(..p.w.S[.z.8.....:..QY...U9)(^...?.nl..-.IZC.R.y......J.KX........wwB..Tpqd.L.?P..z8....q".......)...k.w....~^nQ~......7k....G..m...."...?...wG..\I...!..F...#xe..1..b...^N.b.._3...X*...Q...I-un.S._h.".)VF...t$.......C...I.....$4..5.s.!=....{..G60_....<;...(..u....(^Qh^....R5n..a...U?...s.2^...{W...+.0.......:..gg..F...o.J..iA..o\.\O.f.....>..M.~...+.....t)b..:.P.7..1...L.I..;.....#..!..m..J.+zE-..;..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37309
                                                                                                                                                                      Entropy (8bit):7.9944897632940535
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:v145RcIFjGiCdlVtlUPlwmrss1/HJarbK6KmO4nOOJUpG/pFdHJJt9rR:v14giCdbtGPlwmhHwHK6KmROzpG/pnpL
                                                                                                                                                                      MD5:09378A1D1E5BEAC4591F60E6B56E44AD
                                                                                                                                                                      SHA1:F4B4EE66360BB2474828D96CB075A30C7E10947E
                                                                                                                                                                      SHA-256:C95F62F995147C5CF2D998E35DFA2AC55322388632C0E5CB1FE8A5E63740DC8B
                                                                                                                                                                      SHA-512:56E23F3DCB8AB0981808D919ECC7FFA7E8D785195218F8B50C5F8AA72F098E5D92CE12524D239A61793C98981F766EF6BD1F951A4D6F8057A7486F718BFA0428
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:....n.t..DKO]sm.:.X.".*b."^M..vU...H.Nt.g.,.....P.QS$.k....F.=|.&..d.../.F;m.at...[.).....lV./F. ...J..I.xf:...\4'h.....0^r*.6^..o.u..y...Pi.f`.......'...2F.5Q.....P....u...cis....r".H.6.cc...!*..k].vB...+|....?l.U.....g.t..Oo...FM.n...Q8-f.e%.,...q...vn.....my)..Me.G. &?.-..Q.I.O<+.m...K...=.i.I..,..m.n.t...IH.D"....q......k.2..U..@'........!.Vq....M..C..c.....,-.....5.z*S..rQ.R...ub..m......j[.............}.......t...x/?.R..... ...'+.,83....].j....|t=....<.vYf......Iv..h.G.....dN..t2..i......@%K8t.aQaM\.T@.l....*....[V..}..W..@s~..\_6T.4.h...QhSy.x'...._.4.X#L..#..:......Z1.D"w.eF.|DjI.f..$..|..E.G....Wd.C...z..@.S}p{.PrT.(.....Q.?M<........%.WR....=........z.4F...#...X.......*]..Bg)....C.a...}."..b9@.%PH...k...O.......].....3..#V...j0.~r.:'S.i..."?J=......xE....3...Y..yM[..I*.n.|..z...aC.f.<.Y..7....mAN... .~....{Gmt .q..x.(....a*....e.Xa....|.GWa...Q..W.X}Fm......W]....).....\j.|'(..<SZ.nM6..2..IDbw}.I..X..G).JdF..C.9..Y..a.(W{ryY..m..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37314
                                                                                                                                                                      Entropy (8bit):7.995655524230185
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:eSisZWi8tokHZipHbifKuZgeyEwszCP6pt+SW8eB:eVD1HZsHbiVEseP6/+oE
                                                                                                                                                                      MD5:95328CA76FF4029748668CE34129CE09
                                                                                                                                                                      SHA1:CBC1A6081A0704A979496A2DF70C076AEB2D09FC
                                                                                                                                                                      SHA-256:327FC47455B584530BFADCFF37A10B94BC8C74DCD1A488736434BB53B4D942E0
                                                                                                                                                                      SHA-512:FCA7EF68EF22B966FEE1F6F1D9E74949183E6EE2C53612F96640DC315512DED6FE6A2996C7D7274372BAE92DD75957B9F2A97C01C134C5DB814B42E4D745FA87
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:|..9Y....n..1..D.&..4....$6..U...+%.....h..s.....h...g.{d....Hr3..l/.W..c...Q..it.P<!.bD...".z)......gW!.w..N#.:"..y.KT..V....7.C..)-;.?N.d'~.Y...z%.k.?...v .......iI.c..-.....*.*K5v..HY..\....`.....>.g.........1.R.j..0......5.kvQ..>I..o.!.w<.Y..b@..A..V.X.#...qI.>..G.0......._...B...r..x.\@7.E...4..F.HJh!Kh."..[..S;i..4....i.......Q:1.d..L.H.."A..EA.l$...H;...."..f....c.43..lX....D[.f........).B,..%FX.........Q.=g2}kHn..k[...........#h?.j)./.....o..b..r....N.x.Wa..Q....A\.]..Z.Ynb.......cc.hn.=...,....8M.l....fE~d.1<..Z....x.6E.1kp.ND..i;.gH{.%.)'.#`.A..Pr....b.[.|.jb... .q.Q...n...h..J[..!.b...........S............'^M....U...n.}}.B.A)n..0.pc.....}.....,C$.wK.......H..;'.g..w._)........ss.. ..E....(..I;.wF....oh.....@;k3..@...9iu..qHs.w.U....<...{%[....>v.>.BZz.d...._...%.......r....Q1,..\..........Hg..p.1...|...(..hk......3"....g.MGX]ArO.g..9 <.}C.L\.7.s..l.9...y.T...Q.L/[..'.....;A........9a..|..Q&c.R..%[!.7...@..o...l5.*B....P.z
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37326
                                                                                                                                                                      Entropy (8bit):7.994486288183899
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:eb/lGNHa59smDnwVmJYCXV0qXU1OsVKZPo9I8Y4Fxeq6+PadDPji:erkN6HsmTxYCFhEgMKZPo9I8YMx9wDbi
                                                                                                                                                                      MD5:0E5DE46282CE2F4B57284591B784A842
                                                                                                                                                                      SHA1:37E145B26876B9D1D0523A14C3D6C2C7933F6070
                                                                                                                                                                      SHA-256:73C83B3EFF89AA94AD6D53778F5E206D1DAAA599D0671846B6D7026BE54C2440
                                                                                                                                                                      SHA-512:C2283EFAF708E94E34470EBE43F3C8743AB4082D70C108489E7C8128EF206A6BCA108BE309FB6A730ABE25C50195219343136C585700161979CE0A2995BB168F
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:@*..a=.%...q...v..Vs.n.1...5c.t..l.t(...M.y...7&q.....t..?.8w.G..M..e.9[?n=.J.!.d.|>&3. ....E.%.CO.r.2.*...Qih:.}a.Z.NK<...UiW...w...G....sN]"..xH.39`..'.d3..P/e..]....v.o.T.).91.)R.g.-.Q..\m;_.Y.Q}..c.z...y.....JY53..^...m.f....T..8..`.E1.._Nh&a#.z{.E..VAlO.7.1.F......#.X~J2....s....S..K"].|L........-9.#..K/.1...G..H@.~..z....~\...q.......@?..0.Z7...P.lv7<....3.A..3:.{..w.5B.........L.r@.$..oS...z];G.V..K....;.[....L...]1.\.(....lc....<..4.....K.(...{...m.^F.9...q.#(.W....\i..2...E....Z...|Sa1%...V]......<..1...t.7...........M.....qj..........4_....SIQ:"...z......:<.z2Ce.o].....6...4.....I-..x%WkQS.~...k.Z..xP4l.....V...R`...P....../k...'S.<.t......[,.vIl].@....r....>1*..#.T.4..4.....#..!}.e~8...t2'`y.X..?.LCy.l...rw..!...lK....Q_KE....]o...^.^....1._..._....0q.I.c........w".o...6...M..!v...r............OY@O..T...Q.'=.:CJ.......>.q....iKM..W..F.k..K.3|hF. ....^...}.L.nn...{.{.......B..:.......s........Z...t.....kv..U>dc..` ......L....8.d
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:DOS executable (COM, 0x8C-variant)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37336
                                                                                                                                                                      Entropy (8bit):7.994629278592376
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:k9AbCDWKADapF07kAC0BlYmXpDbLx7zKVhMPwEscVszYPUzW4:WEDa30bKmtP5CbEsnYPX4
                                                                                                                                                                      MD5:B3CF801996083C4B7260A965C950B1DC
                                                                                                                                                                      SHA1:646915391196591BEC03AB9CA083DA2C003586F6
                                                                                                                                                                      SHA-256:7FBE2B99726351EFD00AD7E640E5F20B373F49B400231FBDDE3932481C21E09A
                                                                                                                                                                      SHA-512:ED158B86A90F053BDEE5A0A04330ADB246094361C52691476B0E433EA7A8D591017586003F3AEE2E911782A0164C59AC62DC0265168709EBF5E68F64E05475F8
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.]4.m....l.:.5..-b..=...u...<P...B..e..0...32'.f.rr......~...T!..R.c....H4x.....3.J..w.74n...+..R.I.....uz.g....k.1.K..k.I......8..R@.k.bp.{..YW.Y..$.x+.....=.".K..G._.}...v..;.4...r..+.p.#...]/......o..!H.X_.......".#30...H%.4B..uf.M#.Z ['...m.O.......-}.q.&.3......^...g.=.O%u.a.4g.%...p 8.1..^.......P,...F.`..Ysasr.6.......<....W......I9...$fDHj>...D......Un..]...&@c8..I/.OsB.9/..~.Zq...la\W..9n7L(d...\{..].uL...o%E.87p+..S.{m.1.......s....i...w.B..^....E.1.)[..tp.c.u..K!F......?.....g...:...#@.U.a.8..".G%H.e.X....@@..%....W...N..0....+.X...`....SM..I.L...v....7........X.T.....pw..T..(...u...q......@|..s.....,2......LwS.......+......D^Y .?..PT$.........XL.......e`..Al..Q?IZ*......g|..E...F.b.......r..F...,L.f.X#X...GIf...".T"x...G.L.. .&..y<N..........J.....>q.&.g{....T._......%;3..d.....JQ&.}...w..6..bU.nd...r.o"J]>8........3l..1.m..N..|....WUM.7g[.;..g.b...4.f.}...=.ox .....{0.....x.{......._Sd.;QX,.|.gL....Y.U.<,..e.X.....3B..e..<}......;..0.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37334
                                                                                                                                                                      Entropy (8bit):7.995299552402243
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:5F/aRs8yTA5jRrgC3Ddsn4UASXw8AWB2yI3LVvw:5RoyTA51j3DdM4ugRyIbVY
                                                                                                                                                                      MD5:AB035BECD13D4DCA219BC2DB83FC779F
                                                                                                                                                                      SHA1:DD5C959F448082B53B655EBFB339D454D3C1BD7C
                                                                                                                                                                      SHA-256:D7DD5B084C1C46F98C1BF57F9831C1D0C60597F5A68527CDCBB38BD0BF7C8A7D
                                                                                                                                                                      SHA-512:729F8749C689410B277416330258B3A7E6450BC30BC05CD7A5C4E53CFB98E8E5CACCFDEBD4F76042D0C316EA9DA25BB0C8328F4FAC6BF9DDF568026B80E7CB73
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:U...7WT.d[d.a1h.?X)...m......}2.L..q.A..</?.p..QSH.{.@..:.d;(.......D..Y.qx......&..j.6.K..yU..Z..k..C.:......w7......Y.R.N[G..B....C......IJZ...3hC..X...O....NU..j|.-/.`&....VC....1.H...}...7n.|...Dl.T..........v..;,X.....#......c74...;.r.p[.Q(.S..o.t3.Mc.....R7...+.s*`...L...0..t..FX.=i..h.D..[.5.m..)R.,a..b...........5Ezs.FM.'.".:..1......h.....=.^...z/pW.........O...#.../A.L'E..:...b...2.....$.3V.J....P..J..-..8.U.+...G,..t..K.......o.u.p.Q.....Jp]v.nk...e,::.E.i,,j..F..>.7f.J../..K.D...u..Q.....W..........\}..~.pAY............1K...}.=...+v...`.:.....^.zh^.o..z..5.IG...~..$.e.KM...._.~s.V...2....9..d..l....g.}....x3BP..............w.!....K!Y....).{.N.l......Kn.u..e....WX...>.R..31.\..2T%.E O...S_.n0.p..k6.D..P..#].Y..G.......B...F..K....%._..r.!...|..JK.9.HU...|..h.Z[..@..l.<#.-.>.n.L....q$]...;.)....M.^....b........Z,g......hR9C.$./........J"l...R..5...TY|..tnqO..|..(}i-&3V...@..|T........@4..l....W............w.2....ih.....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37309
                                                                                                                                                                      Entropy (8bit):7.995373325449574
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:utJWTJKwzW8kE1ND3s5SZ9hHtNtDiGrQXCtr4m+h9tClygCu24cxTjYCh+V:hKwz7kEXIyNtDFt+AIqgi
                                                                                                                                                                      MD5:A91606BCC92414C2982960330CE82FBF
                                                                                                                                                                      SHA1:9B4A28B998BAE2700DE4F995529A203D7ABCF7A6
                                                                                                                                                                      SHA-256:6FDDC988D4846B9F5CD0B85628EDD72FC7E384EB8F0F99D606317CFAD3DB18D6
                                                                                                                                                                      SHA-512:3AF899C559C53A5DB39EEE569C1FA72A708ABBEE6F28E58E8AAFDC6D8A5898EDF2DBDB991C4064245AA9943F92F555F2C1E074396D45960975625B6675EF5B29
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:..Tv./.T..H%.?.].d..W{._.}.a....#S..f.$.Tm.Y...l...]..|................Z..)..JAs.~..(.........'8_.!Y.t%u.-,,..?...f......?.!\j../u.N...Xc].....t.RO..VU.........C".H..a.......g...7&.r....8....kS.^.N...8.'.H........bK.|..X..D..3...}.J...W_......[.G...^..9W?!.6.X...3.JMR..H.t..*k.K.u..g...10.=vu.._nD..N4E.>UF5..aH.s.>t_p...|....d.}4..)...R...3..y7*Wj...Y.G.Z....8..O..V..7r...fYd.,..Q.)h........8.m........$..D.....N...-P...6J.Oic......uS.-.(../B.....T....O^..5.h0.n?<....c....=D...hNk...4s..M..HZz.d...5."....!$..C..B.6......!g....'..........P-|...A...b........R}zJ#b..[.h....CV.%....8...K.4k?U..^l...g.....".P(2t.x........I...St!.....E,...+."....W.AO..<.7..HQ.h.....3I......mv....v.A.H4...i.;.....,t...1.}... .X,H....B..s+a....u[A...@.Z..;N....O....Sbt.._...G..7...t.}en...1.;.....n.i...E..n8.Q.8....R.n]..U..B.M.....d..-....7qN...y.se..kj.K.+XQ...vB.s...p......0.j.@H>:.B..}T..IG5>.#.....4:...^.1u...C.)&r."'..G.....1.@o]..0...u7.........4N.....z
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37306
                                                                                                                                                                      Entropy (8bit):7.995378781860628
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:3b/ffeLeC+zEYOgfR10IAn2sk6vPAj3TBQzHIHD:rttgrBIA2JUPoQzoHD
                                                                                                                                                                      MD5:9D57672D461B191C9E9420AB63237603
                                                                                                                                                                      SHA1:D9E0C32BD88821781E50C3A75AC3992F35315039
                                                                                                                                                                      SHA-256:040C79F916783348D7C95F7492F8B82B568B8E2A90B12479251CBC505EEC9F9D
                                                                                                                                                                      SHA-512:B2028F6F2EB3D90935C68D8778C002EB75F5BCA94356A728676C93F05E774764D01E453D3C49A0E6FD4630CB86041554A5773E32BA861EA7B683929F5FC6E1E4
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:..{[.....,8......e\.......g..x.6.q......g.".K.dN..@..Z..O..6$....94z.D.d^.;......*.-W...7K.".H.``.px......=...t...Rq.LlY=..V.7..m+..[Na49...4.?.X..{.....*. .0.0.$.....r..,8..m..1X.rU.#M92..|..yE..'....r.....j.t@.(.|%J...'.S.4<.....b.L8.97..l?..%/..Xz...g...@.Ul..;\...3'J....p..b`\B.......5e....0.._..6.1...[U....gG........8...S-..|h.|.O.udc.\f...3.zjHQ..,XoaK...y....r.$..,...R..W........Ms'..6...L{.J;..a)...ia. #?@.x.rh?...6..7. ..#.f...$.d...A.id)7f.....x.Q=.T.B..3.>|.'!.D<.&.u...B.j..]....:.=/m./.6.R..>.N./2;=.....%..e......./. @?\h...)5.8J... H.'/.o.y7...l.&......i..]n.........p...Th<..1...pW.my=..:..{u/f.X$....$~...R.'[,_.2.k.'>.Q.:....s...^D.w=..+....;..b......q..z...:(...K/...&?..3~...0..aj.X..>....Hp..M..*.....y....C.A.B.2y..a(gF.C.z4.......Bp.h....L.....kQ+....&o..f..|t...~.n|.p".0..s..?..+..d7.oi.........k.....uX..P.p./..z..3Z.....R...v.......t..\...L'...(.G....1..{7P.&.R..iZUPm.Q..Q.r...@.#&..2..8.w......{.G...R...5......tUy.sh
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.978128236541533
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:jNI+Xe/1kIM2ZUkyqPQgSK5WiStcq/oNxwRZNEvA:VeNkIDZJyqPQdVoNCzEI
                                                                                                                                                                      MD5:9A8C971D91EAE6ECFC56997182E43BF3
                                                                                                                                                                      SHA1:D0517FAB946254E3B28278CA80B13F31730647F7
                                                                                                                                                                      SHA-256:315EDD400F0CDA3FF8DB7432D3DBA75645CED2E29B1192077BE93CAE71174825
                                                                                                                                                                      SHA-512:B75EA603F10B9844FEDAD3367E359BA18379311F6DEC63F83C647C810DBCA05D4606C5885C0256097910C986ACB49FFAA6D4929BA587A88ABA7809114F7A35FD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:./.&.5....k.....?.X.......xP...&9.I.p... .-.d[.X<..O>oJQ........RuAc~......2.8.6...,(..M.6`ZQ._./..N.*3....y........c0...jY..q.j....u.........#H..7.....vW...k.......X!..Y.......^.M.y.<...@..q.B...J.bD..h.<......\.(.^?2.M.%.g..7...........EkW.?(.H....s...N..8......F=.....s6.5...Yxy..lj.8.%.}a.U!g.1c.M..IZ...g._f.45.l.-~1.,q.a).}.:...SI......>....7/.\;.I-...{..^\.g.8....-3@b.M......7f.e......u...)}.w.[<..<.}.....u.bs.%....;..=.`....9....$.{A9=4._.......IZ.G'..JI#X.u,.%H.=V0.^a.J...3.i.i;.2o..f.u...........9q..Q[.....Hy..M...$.9..Z1.....x.nV,.x...S(....~.a.b(...P-..E.rL.%.9....A....m[I.|.u\w.F.j...#...h.t.._..)...../.......Dow...t<...Z.&...Z).W.",.+.I.;D.)....%*.....L .P.{.).NQ..]Q..A..m._]? E*.........7.kBm..4g.>A.z=.....7.?..y..y.zY....=.w.Db.........9...X....{0...g.....q..eT....J..Vq..).l.CF....2..Ni.wn...E.Oi..F.............L.O.........{.Zf.N.......tH...:0l..7.,_.D"s...i...\...._.F+..q..i.%.;:.Y..u..>.k..d......C.....h..A..t.~..iWD
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.976220361272426
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:JQVAEB1uAVGvkkVN9u7otrH3gQ8Xvp9HR1/5ICj3vkvzIoEOAg:ADB1uAVGvkkVru7Ow9XhJRJvkvzFSg
                                                                                                                                                                      MD5:88F1AB2BC97159DB43AFA3E930873290
                                                                                                                                                                      SHA1:DC337E8E77672228D76FBD9E69026F4507271B8C
                                                                                                                                                                      SHA-256:C11736B40AFD0F0B5905BA9F71A1F712FB5EA61E3C94555B3294BD9952F55C0E
                                                                                                                                                                      SHA-512:710CDDE73540C4059409F2FAD8143B6FE4B1FC981EDDFBDA137A73000A70145DB2565BC9A94AD40186258F4C637788094773D73BBFDED2BE57F2439653D69030
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.7 q..dM?JD9.!..U.Z..[.`....0...G.[.k>.*U.%s.F..a..x.{AY5....V(.0...`.j.`......YlX...#}8r..i..*....Q..i..a."..g...N.!@.Kp./....<.{..[nz..=4..M~....(.......o...|..wO?...EAH..!a......!.&. .x.....b.r.........(>..1|.. .:...`....d..4....H.`.U5.H.:.....=&s.S.`(8z4..*]1....\.~LX...=....D.kT.>..E.@c.l...0.....2\..9.d.:a#.fi...^.....D..G.>m..0...;..e...r^gA...2.=..`....3=.F.V..#Se.......'.lr...A.......s.k............k.G..D.........M.We.t...^......$Th]z.......'.u..SYK....[2$2\..U..g.B.>Mau.......3_.r./.=&....$......T.6..}.xm.zY...c..>..5X}8.Rj....1_........-..W..#..cSm.#(.Y<.J0dw..y?...8.h..c..`....!....Y.L3...T.........E..TOJ...L59.,b.G...Ga.k'....d.......YvY..].....@..b...8......xS.:&E.^..G4..A....."Of...l(.V.C.....C.)0..gC{.....c...D?..<E).......k..g..4M_i...6..-.K...Y..t...mZ]4..A\....I...8...Fa...I..P.Z.OR..K.&.?;A#..!.....eC./..X....Ih..............pX......I.i....q...Nl...sz.<OO.....t..>p.k+zW.}C5.S?....3..G;...J...{G.W^zR........
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.978934854797994
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:L7xZbYqM9TtH9ylQpw5gfAimkalKKNyJuTLjXLAdxtiS3m8Xiq8wFMcu/b:LNBYqQvy2pkJimkakKNy4jRcLXiq8QMn
                                                                                                                                                                      MD5:C5DE3C72D2659D6AC761FE1A8C2A4C8B
                                                                                                                                                                      SHA1:990D90670616E4E7AB76D286AF7AF7EE181FED0D
                                                                                                                                                                      SHA-256:E078D4E91D3AA521242C65B43EF98AB17DCEF73AF7FB9E0D357BC342DDF60B29
                                                                                                                                                                      SHA-512:8F4AC0E7FC8A6667E2FFA43575D79E82663DEFDE4DAC8D388A26B470544DDC44D3960DAC5A75692F0AB69884FA9E076FD0E5362F9AC2C0DE18562FDEF6D68824
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...c.q..M8`.a...V.dj`.{.a.....|_$.6........`..A..L)o..b.pwA9....f..c..H{.=w...a.>...]...0..'....R.U..z.5E..,P.6..t.i.wv....1..z+.b+..........:..%.=ku.W..WWsq7..)6...........Y.....Q.._/m"!]..`_|.4..#*.'...!G.tH.5-2@I.W.T.d...q<...x.....(..bB)+..&..i...Xi...........F'x....H...^.d..0.H...{...$...[.........3.U.]iCkq...Z.{...;..A.]%..6.X,0..[...5...q.T.#6..~\o.1hO...>.v./..8..)..J.q.j.....X....iv.3..y.......G..i......."..M.b..+.....}...<.+..v.._...........x.{..y...om...0..;.P=..8h.......G}.F:..s.h...()9ul3?o.n...=....N..X.D!'*..uM...1}.lQ.K..U..'./I.#9.Z.^YU.s.8... .'...y.......|.A..8...f....A.0ar....M.<}..Y...r*X..>v.q..}i.'OI.....K..<........(.._.L$..........~q2..y\1}..&X.vsE.a6B.8l.5rJ\..9fK..u....I.%....=.:M...*.ho 14.ILGi.g...x..QWu__.y..z.|....L(.....1...D..6.....) ......d..M).....2 ...C..T..p@..P..i.Hh.)...8.#....'uQd@.......^....Us.lx$...I.).J.;...;.=`j.....4.........\C...1..n......O.....4.9..Q`..l..b....aF.Lu../H...N.n0{z.......v..../.....Op3
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.981211107479741
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:1L12KNlCAabPlNtql5rmi/gy5WGl9bwnsy0/vhx5EVh6Em2eMvNEQrp:xH3xYjtqCiTWGl+0/LOVu2e7sp
                                                                                                                                                                      MD5:42226B370246D0DB376F32E68CDD2918
                                                                                                                                                                      SHA1:F229943F0B4A9A4A037F0931B020728E74930776
                                                                                                                                                                      SHA-256:EDC2C4655948D9D18480390228C352257E8399419460E7A8C3842C2DA461E920
                                                                                                                                                                      SHA-512:5A1114B5E4EF2926D4071A387617FD3ADC580F7A14D7BA72FCEB6F7CA0358A3CBEC787177B169B0EC0EA978B6C1D5EC8C90C7E8140889AEBD71C5485DCD2847D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.9.].]t.+..x.H....g..e[....W.y.w.v3.+... G.....R)..9!X9.`.*....a..-......|:....`..P[...`..f..q*G......|5{....V....>.o...........Quc8...-...-.2NR...H......?..V..H.)...Z.tDX.#f...Vn=j.0S~...v..:?*D...d.N..|r3.,....<..#...".\.M..T..m\.*=.".GK....b]?.'\.+>f.^q.S...0..n/...N.V....S.........u.(L....... ..........p.. ..?.A.......,|.u*|....H.<.S.0K..........^...-&[!J..Y.........).F...........7D..JR.k.?..J..."...t..w.....3@{.......P....n.Y..Ulz.v.a]X....}.G....."...o.>.'|T.{.....R`x.n......2...&P.O.`.{.q.........-.......QF...n.M.[F..o....T.>..5?.|Z......g.&..0...<\B~.4,.0.T.3.d."n..#.".BR.l....Nj].6.$i.............oF.C.8N.s.Tp.. .0.+.._)..G.@f.xX...i.}C....J^O;..s.....F../...F.Fn.p.tXH3lP..Y.j..;c.uw..t....pJ..z&mY......S.?Bm...Eb.svfP.c(.H\...X%yxx....Uq3.t+N.V.y.Z.>..........Q..x..(*8....._.v....z.(..{\..7..Iq.ea......Z1..&..t.......o..FCKm2..o...x|>..w........m...i.*.j^b.......W....).EtiT.aR....xa......%....P..LE...[Ek.`~|.}.a.pc.?.=.....F.^:3.OB
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.978708993252417
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:2A/r6oXf4l2rgy2OI9xOn0CAyPA29U8yclw0nWIaMzm15IT4:2QOgm2EOI9xg0CLA8a0nLU
                                                                                                                                                                      MD5:706295B29D3D7D5C468ED86F5C3468E6
                                                                                                                                                                      SHA1:92141B5400C1343E2E81FFA4DCB22C434E88B896
                                                                                                                                                                      SHA-256:6D821A0417AB14EA06B8E9EE04B823ADE8B28944DFEFDB8DB920B52CB00E589D
                                                                                                                                                                      SHA-512:9F493F028DA0F7A9E97C058C73E5954E631D6A23D811CC91C360396E26827283683343E340DBFB2E2339C398A94416155D4726D803DB78106072E9DB539E44AD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....&..{.hZ.7=......x....(.2........R!...ZvM..C).N#...!\....g?.9. H...wq......n>j.H8d.G+w.I/_....Z&.r.H...+I.GA..r.O....vo.k".%...7.W.N.x.?.d.!b..H..0.1.*....Q..1.h..o... .{.~.T".;v..-......k...(b.e.2..o...M.....`.mM..O4..N..n..$,..k..G....U{.;ih;_..;.U.M.k..a..;.B.A.\..3...zUI.2..$.~...K..! .r..+sE.|..T}+...Lg..e.B....n.z{h..#...h.ed..e.z..M,:..Jr.l..@...J.uD.I`.>.$..X....."~....t..#.d..fI...,]E{..+R.s..~..).....m......T...2.6...`QadLOq~....i_J.e*k.N...U.:.XnG..lt.*OG...2......-..v-s.Ew..^Ax.D..Omf.#...js_x....r=..M....Q...._.........,...i...$........{...K.).8..@....u._@.....A..Q......4.au...K..(....?...*....!.Yt.>.. E_.. ..7y...5VID..j.^.7...kY..J...].J.S.....&z.rJ0|.y..@...n.......?.~........+...w.Z..X_31e...>.n.).C.<./.)...[...qk..v..V... .f...#...."..D..(KqJt.wL......)kz.h...F|......$...2.}OQ#....V[?k,..F.~vK..s...> .b........4.1......M.....P........Y..~....t....VW..Y.....N.T6;...\.y.).,./......*.}.Z.B4#.F+......_..f.I....J..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.9758151930764
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:vJ8gTcTZ06+hVYoODFBEbkLp/vOZarpLTXzgEhTj24S8g:WgwTsUTj1e2REEhTvS7
                                                                                                                                                                      MD5:F74359B05818A50DDFD41FF033392862
                                                                                                                                                                      SHA1:5A988E0E39BE8731E615B4BE7BA203DE7A4A7DCB
                                                                                                                                                                      SHA-256:AA1AD42CD8955393A13B732B81C74A98A0D171C95D9C4CCCDA4E0838844D63BB
                                                                                                                                                                      SHA-512:FB1B16AD71DED0551412A4BEECA8D581F49070A96266B9B47D1126CF387ED72F27638AAB984DBA29768F5C9E17365DBF5E98B4252E0687E5C1F4037E53C63522
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...:.<!..0....s++.S.P.?...r1.Dq............F.W..J.....).\Y....<.b..h...E7.<.<...54..1.....hK^..$...=\qM[.d..bBV.(x.&..$.<..R!.....F..[zc8....do.s.C..`{..;.g..f..Fr.(..o\...x.n..j..k)kwl_=.u_..)..j..z.r.j4t.%G.......C.v.2...v...=.>....t..X.u..............j.T...<..x.u.H...]qvi3....?U}.....'..v........)O9..c.E.R.|4...3.29..h.k.Md1..+..l.V..7..=.bK,o+%..............%D.............>...X..d.......=>\...Xd.*\.......U.c.....>..SRi`..j.Y.z0F.n..$6.H..C.$=.S...6.4...#1..O.i.j..xS.IA.F..T.LH....54 .d...MU.....r.H._..].[.[.k>.2..0.z........&..Q...M..F.."...H..B..\\Y.zr.=Q.7.......!..w..9.$...$c..XY....h$!!Q..N.....0p..D$.]).l6.`Y...E...P.$..Dj.'.9......U...:..j.'....M~g...G.......G.Z.v.R...So.t.T.5..m<.....E..&=K...Z...~.]..|...sfE..\W....J.....V5%.H..ZN.8...s...4x..........a&...Q...}K=k+......Mv&.........t=.ra..#2....=..?.O_( 4q.~.}.i'....T_.".,.q.*.,...c]M....T .+......9.TW.V]...q.".J_.E......G2........../b........`?.`..,.....o.......{...f7+.C
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.977277614546292
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:y2Sr9IVaalDP4sq2nLLVizU+YV9TksAVWlnPC:PSreVVlRhiggssOC
                                                                                                                                                                      MD5:D49EAD281C76FFCA942FB873F2B0D418
                                                                                                                                                                      SHA1:9B6053541E102A26358637F5AE0C312EEF933938
                                                                                                                                                                      SHA-256:DCFE66913F2C9E8B479271DAD26CD4F5E4735200B3CC1867C3F7116100842660
                                                                                                                                                                      SHA-512:7FCE777667D399939F16DE082919F1C52D8D839E965517B29BF829ED841FBB5497796EEF1BA9B48B0C27B35801A37EDF9EEF55B5D534CA7D205D0D42A0293FEF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:&.(...QO..1.%. .J.........d.#fg..S.........o.KW...#.$#. .{.....!..n..L..}..2*5z)....oW$.6..Et....b^.....%?r}W....#..]f..X..KM..o........@....*k...h)......J;.#.0..9^.@.l.E-p.......V.2..$.c.:).H.&......+...q.+F g...5K..B...$K......oFl.=...a."...;........u9...R.v.........B.VG.K\$..-M..]&=SsU.>...i...E..sd3.W..$.O....sd...Gk./q..r..%....;.....N..El.. .Z.B[.......7.....,...M..N/..|R.LS..;eM.W...M}.ZH4...5.........i..i..v...#.....)F|..D."...Z..I.H.;..G....R..k}r...>.+...=. ..:..L..lY../......*.d..a.[..L..[.$.EL.+.o.......".)..!|...Y...g./..3..t....^I..u.j..U..4.X......uPN8.6.r...Q......\..M....%......(.'..H.._It.?..3........5x.u....Z..M.{.`....N&E."...Y.H...b....eRc..........rf.=G1..+g(H..j..b.Q.......pk[..-.iG16.0{Dr...?piV....P)......<.+...=7....G.\j!...e[u;.V..W..$.S_...l...)."j....IO.......;...G.}%d'...}...f.s9.F......I.u73...T...Z..,..g...Kc.._..2........F....EH.$..Wz...k...@9\...].6X..u`.+..i.d....d.O.`.6&...z...[......f..t$.Y..{..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):548
                                                                                                                                                                      Entropy (8bit):7.621845265052958
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:Now2W4zdHCwAdrLgdyryLTlganioTE5ActLlVM:Owf41uvlo6loSttpVM
                                                                                                                                                                      MD5:BEB87F64373821F97B62F88B48690273
                                                                                                                                                                      SHA1:EA1A3082E48606DC806C59BB1FB45E743FA99469
                                                                                                                                                                      SHA-256:F824F718062C9C7C34DE8085942175B6A6462F029663DFCFFD22B0F5AA5250C1
                                                                                                                                                                      SHA-512:33077CDD253F7922A6636348E18C57A3E568F0C5D68B412781AF93F93813EEC82825DE61B702BA3100FA465ED45875164E6722063231F72407E9559C7124B3F2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....9A$x.F<.iH....)7..7.i.........tE..'.NX=)........_.<.....N......O...e.....m...G..l/.%.lg{....~.)Bz{...F...p....?..,..}.[.....I..c<-.."x`..XUP..q.(.B.Y...<._..v.k)..r.GP.Z=.yF.U...QoT...fKl..jQU..?.n.]...lrM..|$.d"....f^{.... ..\...,.........d#8.j?.....`.h.u%. .8.....T....$....A%...d._..C.6.l(...3...._.h.#7......D$wP..#..KT.u.....GR..).M...(..M uJPb.*...\y....bE.V.....u>..R.....n...v...h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.976675529856333
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:0+/2Us4DTXd9+M5NO2sx3OKJF90w4YQzsqhQOYNgTzsG+XXe3VoBlFGJ4IF:CUs4DTnXsxeKJ0wfSQ1N+zSOCBlyZ
                                                                                                                                                                      MD5:D64BFA652DDE60314BB97201C49DDA24
                                                                                                                                                                      SHA1:B917F8C89A1BB2A39E061998660C7D97C15F4C59
                                                                                                                                                                      SHA-256:CA20B9DB9C321359ADCA1B52BAD310942E1042C6DB15CF465A038726C8142563
                                                                                                                                                                      SHA-512:7FA3EC73A674DD5F46DC1BC599A6412884353D529E834467FB534A7A702ED7C4CF1105F98C90DBBC2909911EC3A28C5BF4BC147C69CA64870723EB2487AEFF56
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..`....1w.../.J.-Bl%w....*..p.zt....#.k..:5..8}'...Cb.@9+...4.73.....=w?..uI...;.>].....6..xQ.5-YO.z.3u..)r>L..3oT....:3A.@..0..^:..-...4..~.o..nC#^.w.g.....PaRQ>Z..3.0x....>..I..<.O.....!B1.V7's.Z*.3^...`qk.1..q[.V...i.....S."]....;...{..OP=...M.\.-..3.^>...$..G....:..j.......@e]r.4..1BVY'.?6c........d..n..]......B.!Y...b..=.Vx...+p.Q.d]@L....T.HMc......mt.n.C.....k3.A...E....9m....!.~^".....j..X~.....L....N.Q.+..Y..,p.%+~..Ar?.f.L..m.o...}...p...G......(l.~.l.=.h....P..B03}...!aN^..OK... .&.J...z.w/.Mh..8....>3t@B.......Tf...3]7..U...G.4.....Q9f.28..5.Xk.0a........#pp.K%..y.....bR.51..x.Z2.6..Z&T.=.j.\..n..{J..{...[^..-../.n.z.......zc......R.#.'........rs.V.y..D..N....~.y..p.S.9.V.D1-.F/W.3.M..ma.+......P.'.P...d.N..rv-%OF].:..h.u.3...y^..i..........2.,..4.f#..W.9..7%4.....0.Z.neN8...<`..C%..yu...........E..p....m.....6=.....K.kH{w+......k........v%....+...]....n.n.{.=.j..../._..~fU1S..Q.J.V...B._........t. .B?...&.8L.v....u.F .[....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.977108781619903
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:zE1Q90JiZzhgvcI1F2EbdPEPFHaPIB0DIN6NJ3Hia82:j90ihacI9btEPIDIN2i2
                                                                                                                                                                      MD5:012CBD125F4DC738106339555A170D92
                                                                                                                                                                      SHA1:EF1998B2372EFB52FBF75D55CAA37815D390516F
                                                                                                                                                                      SHA-256:1B3C6C55022F908ECFD141B3CF7C27015EB09E05E01B718A7D3FD8834CE4CF98
                                                                                                                                                                      SHA-512:1CDCF3F70C86C62C5880586FA73B891DA501DFF1141E8154A793BF6BFFCEE4C44CE5F124352CBD6D6327A7A2B81FC7B8EE279388914AC3C83889EDC542071D76
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..m.l{....y'..#(OD......Xe....C..b#K.Gy.e...)......y..a...x .....'lX..Nv.e.8Ccr..h...../.$].....W{..J.w.3.B...4.)q..K....._.$.j.A9JV..c;.D..2...x.:..H}A.Da...O=+.BK.p......~1'^..Y..^....@.#..*..o..(.[.x...0.Ws.B.......^.V......L...D..8.{~.w..e.....K. ....%*D.30.....S8..G(.K.j..{.`...."..n'Q....>.{..c...:|._.%+L#-5.m.6l=f.V.V=........q..zb.a..g......m.'13..p+...c.og..N.....d.IwQs..v?..X...y...?.x.P{!.u..Z.....5c.H.Q....^Td%x....#...%=.q..i.>.k.V.(R..L..PuB...JK...*LP.}._gh...... .I...v.MzIrnW.|.S..Q.`..|.... N.....f.6....}.8[..=L.j.V<FIx./g.n.<..p.@....T8w....N.O+f....X[.0`..un.6....].J(zo.f7..b2K....O.J.x<a.B...b.g.W@._.Hi.hM....&/{.e..).MK..........*.0.......W.O...E..f..>....S...g...e,.G....7H|..3.1U......i\63.|v.d..)....tG;.....G.......SD..R...{.[.m,...f.~.}..'.I..._..%8.V....k:.^.Op..q...........dn...>......e....@.3.s.e..7._.$i..F..].....+..c.....J."..O.e.x5t.L.d!a.B...t_..#..'...H.6.sz.:....z`...x^...Mg....1.F..Q3..P....X.|z.8#.9....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.976939121806633
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:OSi3a9TxsUqFhz7xndlmTBvT60BHCu9o7sfCx:JpxzG/xdlSvW0cz7l
                                                                                                                                                                      MD5:037D6B4C1349BEEEB9F227603C2697AB
                                                                                                                                                                      SHA1:EF9E251270B0F15333E14FF4334A7B11052732BA
                                                                                                                                                                      SHA-256:8B5590E479A6CF942515F6CAEA586CAF227FB7C93AFFF3559DF4E261F308D826
                                                                                                                                                                      SHA-512:2E02C35499C5C7BE238623BEC6253B7BFEFED5A3F1BC45A4BF1A42F57C19AC67BEAD759DCE4615512F54F2D7B60608B6B78D77F71F2024FA972C14340ABF542F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.(W5.....m.._"-\.W.....z.ZXnk'E.6..i$.....$.E......8[?.0....h..9MQ.;$...0...Z.6.&.~."..?>.......m}...}....#.u..u?.?1.+.-1..\...w.!8...o....'J.g.[.B..O.O....c.D..X......D."lt.z?..+.-_.."..K.W++..akiFG.9D..\.Oa.....)Qco....M..[.T.......9...n...O...3......R..7.,y.u.,.$.i... .=".]9JD].YY...HY(v...O^"..._Y..(.\B[..Z...j#..._k.|.....k..l`#ri3....5.....y=..xt..r...l..g..^Tv.A...<...`r !.......d.....U8.;.17.....o.."."0...t....pB4...?[-.=.SoW^....}].n......l~...,.s....m../.3M.IHi..&[E.P..w+....,..U...........K`%Q..E4.-.....S.:.q..0":.....`2......'k...l......AT.....>S..}"1....Y..O....,..l.|...SB...+.".....L'.2..c.$I...T.A..P.9.`.#......P...{....DE]..\.Y_..)....c2.y..%.<.bd...o.5}.../Y...@.ra-D.........SN..tp.Kd..L.;%>AB.+........o&..... .{....X[../..C5v.....l..s.{m?=.....n.f..`w..d.dPZ..i.c;j.L(..x.<,..)..,.Z.........Sz.....&9}.Ret..}v.......h..|...C.t#..Q).l.... .d.P.^.NT........!z....Tl.;..z.Q.t......s..;.rD......t.%"....o..ng.()*d@P....r.:..m.[..j..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.9775459342491315
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:ClNBITCQx3f7n5ZNqwSeTpan1Y+kkt3mkIrNQBymbKB2RvXNYI:CFIT9xfg1J+kIrCyWvfF
                                                                                                                                                                      MD5:C7D88E4FB0957E2E57322F8470A80670
                                                                                                                                                                      SHA1:C7BAD415172325E7E36F77413195D237B3596773
                                                                                                                                                                      SHA-256:83488234E91479F1070182C09660933FDA5BE502BB54560F122EDC0B4E30A4FB
                                                                                                                                                                      SHA-512:D39285385BABEBD1D3FDD6DB788E3047219526337F6E2C0D056E892B1718EA19CFFF608BB499F618B43CED419321188A14BFD81A2086652CF32C862A0CBEB9CC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..!.....S..t.\r.G^f[[.l.d:........O..7...E.G...[j&..D<..(..._.F.X'.ye.........Aa...R......@...V~....O.......bI{.H..>K9l.,.....R,..w6|1N..I B..x,s).:aq..LF.i..jx4!.h.C$Y.....(.5b.........Q............>1..1`.....<=..._......#...q.....<.d.a2..[-.!.R....H.p.%`....3...B...*,..t...yz5. 3.#V...~.G..jO.t..j.~2.{ .c.&.Z...[....,(....>%....U....^.+'._w..o..35..U.Od.\<.y......J.8.>7.j.t..k...v%..O.._..2..eE.h....\.q.....;Y...T..]}..]...V;m^.*.{oe....*.e.L.i..L:.5......CPo.?...l.....}......./..Q.-.Y......9.c..t?.?.r...wm...e.E^...C..~..T.z.....|H.rlRoH..Pp..eI*$....TT...LF.AOx...]....{...U.y.k(..J.f.fC...-...o..~..s.7..-.7.l..!.Pv..^f.....!_..4.S4.........9.j(R.g..fF........r.A...`fW..o......U.....R....J.l.O..f.=tZ^.;.C./...$......3..........4.......J.......Ah.K0.....K..."..?.<...=y....]_...tA..An.l..+.`..<U..DG.G9...#p.4.=..j(U.O4_..X..Q../.d.&....)JP%.i..Z.].`..7...`....A.[.kz.{..../......o.Y...+.-rp.%l.M..A..q..0........Zm..P.F.b.....G.....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:OpenPGP Public Key
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.979887843639394
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:Q9BxYACQ0qBMEnNWDKE3NNu5LFcNthdFLAsAbFy10v9YDynxb:H3QUmWDbNNaFQFxPAbFyMOo
                                                                                                                                                                      MD5:AA4BCD0026D7EF887D2FE9DDBAAA44B8
                                                                                                                                                                      SHA1:0BC5539E045401C47F7D221627D40B6CC5D20D51
                                                                                                                                                                      SHA-256:987FA819D5BD144627F2496060CBCB5E352E7961189880A0DDC2267A82945327
                                                                                                                                                                      SHA-512:50E6B36B70AEA75395840BF753CCF35DC447FA4886163C251EDE4784B3774D609E13276EE6042351FEFD1FBF6AE52B5C86EC7D79AFD46D101FE6EAF0CC80EB60
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.Az..........|yxD.J .=9...NO .....l...V.b>E.{..%..U...)..B9..Fp.<..O U..b|.&.j.....Ka$y...q..n|`.i..#.n(q..O.M..E...$.|.<..+9N..`'1M/ Z..I.i/.GC.A.....,1....}n.me.......M|)w}..i.&2/R..F0....f......?.....Rp........p"a..V...<....6X....X..C.......u.3B.z....h.....{.oy..D.....Y...N.I]a.}.GMv....4...3w..7Q."..2.f.../m.B{2-...G...E.Z...>..).1.~j/'<..I...V..yB..;.../...[........j.P.H...x...Z .f4.d..2...^..v(kh...G.qy...!.......1.:s.so...&.^..y.=..V.G......%YT...q...'^.S-.N:.=e.@..k..l).2#S-..U...~9.@....c8.........4Y|c..A .........2|ZY,.2n..E\...D..M.S......f.}.C.=R..\9.l%......O.O...,.......&N..X...9...n.p.bH..._.jv..y{d.)....p.dsweq..!....).-.Bv$...>.t....vBH...w(.Q.T..(...?%8.%.5.y.!. ...)...R..>..O#..i..K..g.....f..~._..).{r.K..<]#..>.}..7...0L7Y}..5c......5j;6^...32.R.h...Gn`#1..Z..v.....M..z.W5.....*.t.\4....fS.B....q.3GIQ.cSL...*L..K .5.x..4..5>g...A.....!_...k.`uI.....#.<.v..-....=.....@.......R...7...h;.3S..%.......M.-.....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:OpenPGP Public Key
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.975231291874738
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:vhRKYqtR4USiRHdd2ClnktFIOQuWQDw75W32PssQHKGGNYuGbpJeyVCAUUT:ZDcmKhbBk3IVGJqGGNFqpJeykc
                                                                                                                                                                      MD5:8F1E396163B0B387BA6A45F8B2D7E6D2
                                                                                                                                                                      SHA1:A1EB34FD3689808CD7FB932E1E11FC4D7473235A
                                                                                                                                                                      SHA-256:3EF785A38F9A0B1471CE5EA929A3F6D070FBFD97C76262A05E1CD0A94642FACA
                                                                                                                                                                      SHA-512:E918CB8CF64DDAEED1AD2D3D5FD09BEBED9B527B592167E72D033828D82A2CA838B3F60D21CF7C389D209855BD6B4225CD1ABA1E4053EE8EB8AE4CCD9FC63443
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..e'q.... ..}Pc%lb..I.r!....0S.OV.W....d.r....+....H....I.v.:..J+X_.....e.";K{...................~k.^...U-Ab.G(...8.45.X.Q...C.U.^.x...o..?M.<l....k..\...9tH..O....Z,X....U..i...<.A...?s....W.q`...&[.ob/8..)F..7.;.H..7.....(.zl..gZ.....J....8\.C'.JbU...^..Oht.E..E%.y..B,;U/mJ.5....N......9@...+...$......P....be)z...u..qy..mmO.\......y.....u.L..../....'jk.$..b.....j$..>5X..L....&....Z...............'..a.....!H.z.....]BC.].D..S*..U.-.c....5m.3.L...:.....L.(eY.P."....R..:......k..a.qO'.......E..S...P.NO..E..2..D....p".Y....Pw;..g..].\.."p*1)V.j..g..Uy.+..-.q.;w/.9......lx.Q%...y$`.1..c...6.~[.x..8T.Lq.._`..Z.#i....4XB..XD>D...i..eQO.z.P.as...4fB..e....s.M7qne...b%...."W'..q:....... S..I.p.d.....,H.eYn,.G.|.-E.. <U.....TD.L[..d.......z.........v.x....a.(....6..[U&...=oA12).....u.*.[...] ..yD..b.$..J.O..% ./.'...XXqT.f.zk.z.V.4.fR..~....vQ..u..@..)...`..l..?..h...1...A;....#".V(O......&.,O....ge$...&.C9fykT7.....l)..H.v..........h..n.r...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.98151067482453
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:CirVCOzReb73zi0DMoq/ohFAVmBoC5z74G9IdLUvpOaLl9X65S:1oJHDi0Qoq/okVmBLzWLiDvXoS
                                                                                                                                                                      MD5:A9E83BA1BDCE2E771DE5F26508F8F70B
                                                                                                                                                                      SHA1:B391677BE07150699787A8C86D9FADAEEAB1E48D
                                                                                                                                                                      SHA-256:254A94B649D509B63B70946BF2718BACC067E5E610D7283ED42E0FBDDBA93090
                                                                                                                                                                      SHA-512:4E50CF9E5148F9CE05B2A5D6F0F7CA8EA882988F22D2127DD224CB54A733A8DC0C8FBF0B3EC4DA7BEE7A8DEDD17D4BD5C7FAB72892738E309699B8016EB92A02
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:my@~.[.!..........B^...t<&.5%H...p#.=...0.g(........Xpg.|'...?.t...%.>.^Ax...7..9.O.M......).{a.?..q.|.).......>>Z.........G...A...X.>...N..*E.gZ.......e...w5.4...w.'6.e....e..bo.$f...........%..j.M..V....i.YPq.V....w2.g.s.......[./..|..qk...1b.<']]OzJ(i...5$."..m-.#....Ni.5&.d.}.....+%.6.P..=.._.T`3....GW.....t.ye..[.C.6.......\k...4:..z...D......Mm.....S..;>....RUv...sO....6.=J%.-t..Y..$n.A......:..s.u.d _..|&..9.m.......W..ry.y..Z..6.%...+#Cc5N..i.b6........o-L.....g.n.....!xv...v*.?..,..A!._..5.TE{=..$.;../.[S...I.L%.T......id..X...?...>........q}....).....~\O4.Su......O.5..hu'R&........{.{iA..M..U..lK.....:.wiK.M.....a...~.J:....A.\[....v...7.._6.`.....1......V.......<.K....z.K...G..$..+.w...i....R....1...p.e.@U.5t.r.I...D....:....j*l.@9"....Y....!....Rz.D....F..g..TJ...e.+.W..4.........2Z0...`.....R.^.A=@.......u2.6r..0.Rq[z..xz?..0,....an.)....Z.G..9..(.w..@.5.....-..0....9b.;'...G^...^i..F.*p|-..g0..6.....NR.=............Te
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8431
                                                                                                                                                                      Entropy (8bit):7.978032597558164
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:yw+yinEH5IFg84p4Ej+zjY96ZknaM2bMmGRYP8bMPDhMiIAYt:yXyinEZl84pPsbZe2bMmGRAPDhMiIFt
                                                                                                                                                                      MD5:57F5527A459BA5756A42C8ADF851E877
                                                                                                                                                                      SHA1:0EA331B3BF1CD15D46BC7FC86C937BA04A67AF65
                                                                                                                                                                      SHA-256:EBC45D7CE6E0270ACF86CEB69E7CFAB709022F48A491AAEEC5EF598193A0BE42
                                                                                                                                                                      SHA-512:748D5060DDBB0A27C07079F24EB774CE28D6E24EC7AB011F171BAB10EB50B0FDE8C8F3374ED2130EF785A3EB4B4F0459BF7B1D16605001A14E386FFE02A6102D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..`...C.|F....5..JG%w3.?..p_.p......V.qT.D....1...O.'.3..O@..oe...._......>..a.&.{Z.....a.Hc.s(.n.....9.:4\..K.q.:Qx.b..Mp...g..#...,..V.l0.......'...J.e.Al..sw.x.K....c.<.C...H.l.=..[.I..m.v..x.....7........t.....T=.e;v..`....u.p..~.@.. .6.R.,2....R>....5......?.a{K.txH..p...^$.\..XQG.*.\...^.[.gl<........'..K......\?.f._2{..K.j.g$.8....;.nF..Q..h..0..[F..g.x....L..tn...q......!..z...&.k../i$r$.......0p..z.1C.;0..dt..+.."L~...1.JoS..W.4l.Hn.WIH...#6c....b..V.w^.vH K.......i...-...q2>1.B#..g....1....=O.)....#T/.*.Z..9U..r.-..a..b.0..|f....<.I...p.u.."w.=....U..0n..\T....Z.W..<..8_'|.. %Dm..A.cJb.ZB..6.!y.]X.h,8.Z>.G.\.YA...@Ob.I.)..'yA.kX....'...~....D.g........p..36\~=..0.E.]5Y..2.q..%.....V>xLZ....ON..}.....8Vzs"..D..d%n..M....c.?8C..&....m..q7.-..w..o.%..+.A...x.l^....jf_U..].....a....J.$I...&.....HK..Z...!..Dq.'.1..r....n%..W.....y<.X...B.E]:..A....7.......%...F.o.N.8.^+.-...5....Bw.V.....:j%^......z. _fH.....8...#.+.V.l.G..?<..!.....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:OpenPGP Public Key
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65793
                                                                                                                                                                      Entropy (8bit):7.997689571288358
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:idEUdDzAgLNfD2ml/ffbuPmJsxiw1Zzc54KtA:gEisgLN7vHzuLiZ5HO
                                                                                                                                                                      MD5:29CDB7442320A99A039E11328023474C
                                                                                                                                                                      SHA1:2A6739E822CFB655C653344BF3E87FA493708812
                                                                                                                                                                      SHA-256:6782BF5A9B35A3C16EA87DD8BEB7603062AEF5433CB9EA4D8392785BE12AC869
                                                                                                                                                                      SHA-512:E6D7D748C994D51B631E49D7848D51FA2DD84C0075C863838E7CE102F453E102C5CE4E5E4D547D111D8A4427F616C7B473DFEB185045DBC66B3F1EB9B140BC21
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:...n43.}.=O...JAr....#uH@......I..#..mf.1...$.,....x...DC.[...Q.z..-.L....`\.J...S:r..7n...H... .S>..".u..,.1....xH;.:'b:k.z3.Zi.F~.Q....>.y.....Kx.l.D+...q0O.&.....#]X.\.9[.E..{..![..B.....P..I..{.y.R...g..o..}.!./.A...+B.-.\.......g..3:.....f..@D.U...!...E.'8.6..93........%k...G..<..&Y..r..(..N...5..H..6.a...o....6.....C......t.Tf.....A...cj.......|\..C;.(......:R...1Y.......0..0..<.g.4.O.O."S...y.o!.<....m+3.KWl.[P.......n....MD~...Jo..w.-..Q/.{.........?.~.m._..!...Z..A..W/.......Ywc...R.dk....OhV.afGW.5..>.g+.Y.M..h...wjW..j4^........q...Y..*m...(.U..`........X..`....9.,...I...jK.)t...(........r...U .LX.7.....9$Va.J5..g7..sL*.......5[..@r......S=.E..=eJ...+..?I. ..3(L{."C......"y8.....C.....4..H.iD.f....'....6"d..SZ...A...Od.dE.%U&.n....h.....z...T.7...........V+ .....@~.[V?e^sRW..%.8..R.....C1yY...`S@..qw.+.D..I...5W.<f.eO.6.=.i.@.."0...%./..H..C.!.!.......dOWb..:....Ib..)..=..r.:.QY-.......Nm.....,cU.....!..\D...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:OpenPGP Public Key
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65798
                                                                                                                                                                      Entropy (8bit):7.997017549634351
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:Qh+zCoan7fJ/OMRE6mofhUMCxP4XpJNiILkHzb25TK:Ja7B/OMRo+hBZSIy65+
                                                                                                                                                                      MD5:E7E0DE995C705B208186F480EB1B83EF
                                                                                                                                                                      SHA1:01DCD1D42AEB591D2BCAFE9280685148BB5906E7
                                                                                                                                                                      SHA-256:7A7EF2779538BB5D20364E70C79EBDDE36778EA50068297084BAE0D7B6CC2757
                                                                                                                                                                      SHA-512:10A141D7ADDA3D64179957931C88AD25488DC745DED35A72ABFB99F6738351AA7E25E5CFE422CC7693CFCBC745CD6F4ACE86F51DFDB0E4265CF945F493DA3F6C
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:..).y..gL...........K.@..n......o .;..,.+,....Ui|j...Pv.......4....s.X.{.BQ3dK..]p^y.XY....9/w....RN.nwkI..w..tL7/.....wh..:W....(G...N.U++~...]c.....l.....c.6.!.[;Q..}P....Ne@.d....Nq..%..2.^.\......TQ....I98..zv..W4..,.^.<.o.h......*.3..D..I...+.......H.....p~m~.*..f..g..I..(...l.Bh.=....,...MC.%\.k...@[....{............1.[.?.Y.y..9.....h..,....z.....=...w......O..Yu..X......W......7..yo..p.......t?I.s-.f.....P(..$.Em]#.E.Bg.....0........^..M..g....}.oQ./h...eB*Vn.......i.."=.."....ioK..W...;.@<V.PhpJ.&y.q..G.?...:p,...p.....y.i.../&..W...[.....d..b.q..Hz..o..;/s.5D...{9.&&:4.......FD..|.............HE....a.A_L....z.MY.F..P.5Q....WoM...../..d@W.*.....5....c....O...ZU?.../..%..k...S.^.;..{.F....+P..B..._...o...s......W....y....DF./O..;...K....i..#.Xgy:...g%..>......54.O.....m.K.o....H.."m..",..T....G...E#/...ZH..=..u.\.....z.........Q..5.%.jl.g..R........|...b<._.....OF..4.a.^.;.=.".LOq2%x....t,.!M.GU...'i.....n....*...*l9#J..N..IA.F...t
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4194544
                                                                                                                                                                      Entropy (8bit):2.0387380560589645
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:Mr/yQfORuFBPAk5eaKNKAq7o2r5/Wt7pEzDv:6KQIuFBPAsAcPktWzD
                                                                                                                                                                      MD5:16F922533EFC5FA81F75BC08E021ED80
                                                                                                                                                                      SHA1:1C7654C89D1EE07599B9D95D8E57100EDCDCD11F
                                                                                                                                                                      SHA-256:07EBD8CD53452237F4B5412A4A75D2E49A7BBC595069425ECBD64CCEAF8D1C71
                                                                                                                                                                      SHA-512:E71BBAC8F5AAC59FF9FCC59513A0BE5C329340D7E357E234C5EC9D8F942D6DB37A9DA5E7C5066C6FB97073BC6590B998DA564CC870EFFDAEF9E0B0B4FCF375A6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..VXw.d.r.'i...W..7.S.^...9.q.\....d....|z.....COd4.|@... ...K...-..4x....0.....5.......n.#....8o.j.g|..B.X.p.3.*m83.......3ga.(=.x*...\.YI.5..{,X..'.H.=.@.T.De:..fs.M1T.A@........./.7F*.Ar~._.O.Ct..f.}).=~c...*.\...-..![._=.1R.c...........9E..G.#...LSQeA....!m......:/c.P..^E.c*....'.U...........Q.....d..z..l.t...d.J.....rd. ....\.1...PT....l)l....(...Zg.+..-.PJ.....#..b...@.D..0......L).........2 ?et..B~..L.... ..Nw.W4...,.6.9.+.+..:...[...N....N3.P.m#.u. <.^o.y.......x.BE...6...@.6..k.....l/......[x.U)...PA.pI..@....X..:..v....T...z.....s..H.;..zK.u..l..S.P......v..8.^.p.......p.O<..V..].+.K`..#J...bw.e....e....HxkH.......l.V...`=.e.....5.,U<..;.O0.KB..t..UAl...~R..........XY.iF....zt#T.K.^_..;.b<{..G.....d\...FD>.cu..Q...=.sr.+..H'Tq.IAJ..y...?]H..7k%....,.f.S.V......"[.......O....$1O.j2.......i..Dn...R.v...g.....)..=.X.......MHq.f...T.9.......))...8.d.K.@n..cZOb.J...6 .Q.$.q6....b..x...a.......p....}..b..y.0...r....\..!..u....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16623
                                                                                                                                                                      Entropy (8bit):7.988527453536506
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:cVx1fd1nZspQpKrCnUJX+eBY+1mXOCvKHMhb:idh+4KOUJX+eBYvOybhb
                                                                                                                                                                      MD5:8DDDEC9F7978ABC899D492BAB3C6F8D1
                                                                                                                                                                      SHA1:F55137FB145116610D1358139DFD1F3B86BE93E5
                                                                                                                                                                      SHA-256:8171B690406ED8D61B405FC1122FCD603C8B26D7F657BB44AA5AD84376C29A20
                                                                                                                                                                      SHA-512:04AE3E7445AF360328BE28921371521E2236CD0149B1BF1CF4A91371B0C0F5E663A82C3BF2FD146B86DA5342AD410DCFF680D00D2D9716F69210684A5FA79106
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...L..j.S.Eu..z......9.......!e..w.p~..............w.n...&....)f`&.....Aw..x3..U$.X..O6G2_g....$...?..-...A.}...P....;..b..N.......*eh%P./....Q......}.$q.....R..s"......J?.W.>.E;`...UM...._..._U.5....E'AK...N......9.&..OW.zjc...................j(.?.V...........4G..jJ..-.K......8...0.5..&z.....al.......3I0..v0.\~i../..XI.._.U...<v"..U'...9x....A.r*.....r'..|.Z....37.k.S:.d..u.2.......]^....w....?.Hv..z../...y..4..`p.T.G....(..9..q..Dc.t..`.v.o.z.s...*WvA...$.Pe..8h.;g...(.K.n5..c.a.fR...-....N.$Y..GlXOc..(w.:1...jvmET0.......[...Ojm..'.&]t..Bq.'....:............l~...<.M..........&.'s[`{....7P..4^..d.....);..<.......%#.....2&~..ET..P...`...s..\e..R=Yf.}2. .by..x\(.n.z]..B..K|}.D5..e.........mX.....-.;..^xuZ........0.@.4.I.r.j..v5N..n....}9v..)6.U..U...+Y.j.e.j.L...5....[..0r..%BS..h>%..<.Wb..@.+...".*n.i.n.....P.._.%F....5....ai.....1.FX.4.).bW...".Gt.Z%.O..+6.a..I..K.8,......4..j.Z5...m. ;.p...A..~P.g....&.yM.+6...t.Oj.^..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:ASCII text, with very long lines (1298), with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):20971520
                                                                                                                                                                      Entropy (8bit):0.014477184295482906
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:9NTmpFA9nLCBf4r4B484Z4a4W4Q6aO4E0+S49cw4Umb4UxB4cK:9NTmpFA9nLCBAUSh6fD8rE4gx
                                                                                                                                                                      MD5:FE19CBC14CD05E522F5DCF829AD87C91
                                                                                                                                                                      SHA1:54BCE91CC1D505E52DF07240C465639A19DF5FC4
                                                                                                                                                                      SHA-256:250177C19756200CC36FD04797CDB122352D5382C167CFCCF7E5C8CD68C202EA
                                                                                                                                                                      SHA-512:181869AB06AD7E2C0199468F8C35FEB02D6D7C226741C0CD01EE85FD64F06BB4273494D528FE6C3A94B49A95A6E9D43578E3F9463407D02C9DDA67564AA6BC9B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..04/26/2024 06:19:48.232.ONENOTE (0x1690).0xA50.Microsoft OneNote.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":19,"Time":"2024-04-26T06:19:48.232Z","Contract":"Office.System.Activity","Activity.CV":"X2xJNUXdZkG9neJvzCYRYw.6.1","Activity.Duration":540,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":false,"Activity.Result.Code":-2147024890,"Activity.Result.Type":"HRESULT","Activity.Result.Tag":528307459}...04/26/2024 06:19:48.232.ONENOTE (0x1690).0xA50.Microsoft OneNote.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.ProcessIdleQueueJob","Flags":33777014401990913,"InternalSequenceNumber":20,"Time":"2024-04-26T06:19:48.232Z","Contract":"Office.System.Activity","Activity.CV":"X2xJNUXdZkG9neJvzCYRYw.6","Activity.Duration":4611,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":false,"Data.Fail
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):20971520
                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                      MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                                                                                                                                      SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                                                                                                                                      SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                                                                                                                                      SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65536
                                                                                                                                                                      Entropy (8bit):0.4267407363638442
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:grmMXvo7ej9GU6EepOlF3S2BAOCcNafqrNsylVlsolDPZ1XKDq2:grHiej4KbmckO8/O
                                                                                                                                                                      MD5:7B563EF0A54275867007D556C8B83F56
                                                                                                                                                                      SHA1:C9B38BF1C053E87DEF5673F9902DF24332C9163A
                                                                                                                                                                      SHA-256:15A1A0B3D97D31EE456AD72A833D4D44FFD8310154F377ADD4FAA28D4F69A8B9
                                                                                                                                                                      SHA-512:15549206391FC03A2640F45387F0D63B2DA1306745D7F0EEB8B2B7F9AEF57653F574AB05504E506730B418DFA81D3CA0C23B3EA39DEB698B8969835C1259D92C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:................................XM...p.. EMF....p...............l.......D........... ...............?....f..P.r.i.n.t. .t.e.s.t.....%...........%...........R...p...................................C.o.n.s.o.l.a.s...................................................................................................q....g....4...v&.t....l+.v.&.tD....h...................gtD.........)u................ 8.............g.......................v",I............v.......v..)uX......vm..v....d.....*u...........v..*u........d...dv......%.......................................................b...........d...................................................T...T..........................@?@.@'...5.......L.......................P... ...........................................................T...T..........................@?@.@............L.......................P... ...................................T.......'...5..................@?@.@'...5.......L.......................|...L.o.c.k.B.i.t. .B.l.a.c.k. .R.a.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 50 x 500, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2033
                                                                                                                                                                      Entropy (8bit):6.8741208714657
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:P37XYSDTz+UUl7DHt7Ah8l1+4ZfFclFUXwobKXlZr:v7j3z+UoDN0h8ugf2AwobMN
                                                                                                                                                                      MD5:CA7D2BECCBC3741D73453DCF21D846E0
                                                                                                                                                                      SHA1:E34B7788498E33FFF0CFB00125E6BA9E090F6CED
                                                                                                                                                                      SHA-256:E9EAD0BFC09D32CB366010CDFEDE1C432A2D1D550CB7332BADAC1BEE9482BC86
                                                                                                                                                                      SHA-512:7FE2C3654262B1EEBED4F6D83DA7D3450E1BE52500A3964185FC0092041506A237A2728E5D7EEA0A3814E413E822B803B789C49CF744D51816A2E4EDE5B4247B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...2.........H'......PLTE........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................[....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.\.W.G...=a.ewA..a.!r( ...%Dc..x.x....N.OO...3=...S...........~.z.D.0...g.2P.7.*M.#'....z.......3TPj.Z.[5....V..z'L3...a.j9..C>..9.z
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 30 x 700, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1547
                                                                                                                                                                      Entropy (8bit):6.4194805172468286
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:dZeDNYbS+238CTUFPA6SXG5qSacX9q73eXu0vC3dU+OB2gbwHRuZ:dykp9FzBBacXQ3uNC3n7xuZ
                                                                                                                                                                      MD5:0BA36A74DFBF411FAB348404CCEC3348
                                                                                                                                                                      SHA1:4C619790E517416E178161028987DF1CD3B871CC
                                                                                                                                                                      SHA-256:2E7AAF26BEC32148B96442E8FFF1BD2CEF2D72630969F23B9A2ABEDB6CFEC93B
                                                                                                                                                                      SHA-512:90AF53DB7C413E2ADB970AC345F73E4ED8AF626E179C929E6560118F7A9E98DC7C5FF02B2B3F6C98D397E0FE2D85F3427C6928C328872149E176FA8A99E91F54
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...............\....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................D......bKGD....H....cmPPJCmp0712....H.s.....IDATx^.WSTA........b.0gPPP0..E.9b@L(.c.N.U>..@......;...}..B.(....$......5..XS...I....).!....D^.uE...\..5........F."o..-...m.n. .^.....q= .
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3361
                                                                                                                                                                      Entropy (8bit):7.619405839796034
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:zDqnxqMt6gGr/Nln5ANln5ANln5ANln5ANln5ANln5ANln5ANllHN6:CxqMQr/rn5Arn5Arn5Arn5Arn5Arn5AN
                                                                                                                                                                      MD5:A994063FF2ABEB78917C5382B2F5FA8C
                                                                                                                                                                      SHA1:BD5C4D816B04A2B6596DFE38DB01228F553FACCC
                                                                                                                                                                      SHA-256:D72900E8DA72D1A7F3729971AA558E1E9B6E9CF9A0D51E83852E567256DBBFEF
                                                                                                                                                                      SHA-512:CF2279033DD3EDFE6F6F9E5C517BEBD9A52863EEFD90F57F7A5AE0E0485E705254BE7ED6B50E6CA142669687727AE85E2E6035F69930B75F2E6D3EEFA961EF88
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....C....................................................................C.......................................................................U..........................................>...............................8H........59...$%&7F#'Ddf.....................................>.................................58EG........!#124$%&ACFbcde............?...n.p..v..a.~.._.>......#....8.....w.G...&.W...i...%6m..K;...4."...=..?.~......P..O...j.l..AW.jo..,..=d.h.ta..../.."...z|).J.......Ww._..<Wp.3+8...-5...G:..2.D..I>o..K.F;-.....#...`...6..T...M.....OOgV~..5...np...P..TYr...........b..{r.2.9..].DA.%C....=.v.z......CK."..R..l..y}.i..;.{....JzS.....~.?..Z....=c.h~*..p.@(@..G.....O.]...Hsd.xf".V]..S"..w...4e>....3*U.7..|M.x...|\......FD./.cIe.;.bId..+=...w.......[.k>....}.u...j.xZ.....Q4..+.....B....1O~\......I..h....LaXJ%&.w.<C...n/`.W..U.W.U.}~...}>..^.0.J.....@....LN.b.......5W...m].Eu...:....G..:4.=4ixx..@_0=.mab.T.U.....w..~.V.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):29187
                                                                                                                                                                      Entropy (8bit):7.971308326749753
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:RwjBOlCk+nYnGagKJWJhwMJiRO22ZIm4VXvXx1tA6BQs:i8snY3JW7uROlEfbtVL
                                                                                                                                                                      MD5:DF99CAAAB9A7DE97B63343E60A699AB6
                                                                                                                                                                      SHA1:B84334135CFB73BC6EF55F85926770D5AC6DFEA8
                                                                                                                                                                      SHA-256:74C131777E7C437FD654427417097BC01B0813BA8E1E50E4B937BD50A1BEBCDB
                                                                                                                                                                      SHA-512:5D15AAAA8B71DDFE01A7C0ADE16D9E1F5E9AAE484BCD711B38CCB103ED9564CAAC23A0031471167B660E15972D70179C2A387509B213C05D60261042A0456025
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....C....................................................................C.........................................................................e..............................................`.............................!1Qq...2ARa..."#.....3BSbr...$4C...Tcs......%&DUd...E....56Fe....................................H........................!1Qa..Aq..."b....2R...BSr..#...3..Cc....$%4...............?...b.d.8T1.;#.S.DO...~.R.......3.xe...z.6..."m..k...;*.'.f.5^.....m..<$....8.R.j.D.v..>...*dT..vGbt...I......sEWp.r3.. ..G...6.....w...l.S..q...b.....-R....^Zu5+u6...A..Z].:...5..Uzn.,l.L.....?%.*.S.+zVg7.=.s.Q.....8..:,c.......ZE...>'IF..W.0.d.......c.e.d.V.t..S$.DNR.[....g..#i.$. .U.SK2.....k...J5u u\R.....T.[4..A.O..,.T..................] .i...B.m.^f....._...{S.....<......:..|D...+...NA....Y.^f.1|..%K~1..B..^...S..v=.c..g.tX[..kTJ..t.gr....R..@.F....5j..2.K.9..g.1N.....*.U...^w......>+.l.v...@N....%Qd...t.Ni.....0;lggm...K".+!.,.....[J...>..?f.]._;
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):59707
                                                                                                                                                                      Entropy (8bit):7.858445368171059
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:k76rvGc8WKC2/UX1uEgVRY/jvv9CblyL/T:k77Z5C2/Ow1e9CblCT
                                                                                                                                                                      MD5:47ADB0DF6FDA756920225A099B722322
                                                                                                                                                                      SHA1:851946B8C2BD0BB351BAEECA9E5BB6648A87D7CA
                                                                                                                                                                      SHA-256:EC8CD7250F3D82E900E99114869777EE859EC73EFFABED108815F65742078C3A
                                                                                                                                                                      SHA-512:85A9920E1CE4A2FCCEBAFA425C925DF33580FA3C3C00178F058539B2FBC0163866DB8A41B320E2EF2CD217F00FFA06A1A831C728D3F9F910C9EAC58B5DA76E2D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..A..Qaq"....2........B#..R.b3$..8xrC4&'W.%e.(.c.d.5E6Ff..h..SsTt..u...Gg..H.....................!.1..AQ.aq.".......2..st.BR..56.r#3.b.S.4c%...$d.CT............?....3.7...G:../P....z..K.:6..w......6....... .z7...~.....{gdF60...9....{...'[N....m.........z...g{.......7...4..1..=.z...._..p...m..Icd.~.v..9.P..0Z(.<j.......R6zm.....v.z...>x..)=g........zo{..w..f..y.t.....%.D..#.}.I.>).H.QM..cLD..x.../.^y.{.............y.=^.......I.T.......U..0_?...u..og..3.ky..K....6w...Dc......~........ik.z....N...en......_.....x....._u...4.{..P...>.....}.......>.R.....m.....[mt.....}.........|.....m......~....B.F.]C.36..q....yg...{]...+.DZv.9<.o..;..N.n&im.,....w.3...V.s...Y..e#$.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1873
                                                                                                                                                                      Entropy (8bit):7.534961703340853
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:N9YMw9kGzE4xTdow1C3kyIkyM66KeJY3fOxJ:/h8HzE4xTdoUCUyxyD6LCvSJ
                                                                                                                                                                      MD5:4FC8500BD304AD127AF4B5E269DFF59B
                                                                                                                                                                      SHA1:9A5E3432358A0FCDECE86AEB967319B93A65D14A
                                                                                                                                                                      SHA-256:B4DAA90D5A53FCBC85119050B5B76962443C4DD18D7F42CDC6D4E0AD8EFAD872
                                                                                                                                                                      SHA-512:E5E07054A522EB91EFD39722AFB3776389632B8F5F923C1D29796716D68CEC93BE5E44F79913804CEC7ED631FF520CBBBAAB841E01FB90AF8E8ADF84DCD47481
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......`...."........................................>.......................tu.....45.!#$%1s."fr...2Fq..AQe.Eav............................... .........................!AQR.............?..e4.bbu."m.G......u.S.-Qq.b.a..'#..E.......u.|:.f[O..jS.S.&....=.....[.....S...N.~~...'...q....N.T.Oyf..a.6..%.I.1j.e~.4..[5.WW.Y..Xp.gn...u.......Gb.O.W..k.!mJgfq....~.F.......m..}bn4.5........s,F...z.b)..O..*...5).-.-\....=`.fP....%...A..Q.&..9.....QQbD.%.:u.f...r$.10..W.F.T..MI...9...ZQH._..).....D..n.F].........*.:.j...!6Z..S....0...B.6..Ga..S.O.....U8S_.J.>...i..?..<.P..........M..F.T.C..7.E...`.4BKcMh1j....4y...+.|.^......2[.WG.W..+......E..r/V^".R...."..6..hht..f...........;E..Kx....)}Le.A.x.>..$/).._S.n.L......}..H^Sw...2. .v.io...../.........x.>..$/).._S.n.t^;O.....n...[.S...h.v.io...../....:/...[..7yK.c-
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):11040
                                                                                                                                                                      Entropy (8bit):7.929583162638891
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:u99+91V42ho91V42ho91V42ho91V4235z9pUkDCyixxo4PS6b8tEy3BcWWhhSy0b:ubKD4/D4/D4/D4uzX38u4PNYJ2zhhmb
                                                                                                                                                                      MD5:02775A1E41CF53AC771D820003903913
                                                                                                                                                                      SHA1:2951A94A05ECF65E86D44C3C663B9B44BAD2BC9D
                                                                                                                                                                      SHA-256:83245F217DEAE4A4143B565E13C045DBB32A9063E8C6B2E43BB15CD76C5F9219
                                                                                                                                                                      SHA-512:5A1FCC24BDD5EE16BC2C9BACF45BCECF35ED895EAC22D2C4EE99C1B7E79C8E8B9E5186E3D026BA08FF70E08113F0A88FBF5E61C57AF4F3EA9BA80CE9F33410E9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....C....................................................................C.......................................................................v.E.............................................S..........................Aa..!12Qqw.....3568rv........".....4Btu.....#Rs.(W..bg.................................D.....................1..2.!4Aqrs....Qa......t..."3BRb....#.$S.Cc..............?...K/h._+.N6.-.a...5...;.r....,...0B.s(..zp..4.%r|q..E.Q^.../...C.R..?u.q8XN.>.e..:..gJ...._.n>.70G,..(........3b.&.5m...Q../...7Ie..k....e.l6..&..`Gt.P.Y^r...=..Y.e...N.B...O.#..J+........u.V;G.'.....V.]8..C.]..........E.....c..w&lX..f..\T.J?...F.,..m|..93........,.....+.R..WG...%.....(@.....p].iEz<.8.^...J.h.....a8P.1......(z..y~.........H.Z^.>..<.....L.k..IG...R.(.%..m....&u...B|.....@]ey.W.J...!d..R.8...[..>8....(.G......!.)X.....,'..F2.Z.t..Aw./..Z..#..i.kK.......b.i...qR.(....RE.............O.XP.#..(...9J..]...,.2.[w....KrW'...tY.......{~.:.+..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):25622
                                                                                                                                                                      Entropy (8bit):7.058784902089801
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                                                                                                                                      MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                                                                                                                                      SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                                                                                                                                      SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                                                                                                                                      SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):140755
                                                                                                                                                                      Entropy (8bit):7.9013245181576695
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:i/aDiblRsFcOco8dofE5Zx1+NQI8Wh9aiOe5NTO:mnbM+TxaAi98W3aiOwTO
                                                                                                                                                                      MD5:CC087700C07D674D69AFDFDA0FA9825C
                                                                                                                                                                      SHA1:F11113DF69DACDB255C6CBCFB29C1D1CCE40B346
                                                                                                                                                                      SHA-256:A7FA7F092EFF43030A56342C39A765F8D5CC48C7DB815DDFC8C1E5EC40117FAE
                                                                                                                                                                      SHA-512:843202D975EFA91E73287052A893584B6E5AE601F91612B56539AA2F73D1AD3F997FCAD1E711E0F483A2E91D46D9643D0B026B43F4E94116A5D2FB6551536034
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:15:20.............................\.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.......J...\O.,......../$..........OE.m.o......T....Z..l.g.-....m.?...Y....3......"....].j.X.k.S.k.....4..R....{....?F.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):15740
                                                                                                                                                                      Entropy (8bit):6.0674556182683945
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                                                                                                                                      MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                                                                                                                                      SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                                                                                                                                      SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                                                                                                                                      SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):33032
                                                                                                                                                                      Entropy (8bit):2.941351060644542
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:ofmqvnCfmqsp1Ue5xzMq+Qh0dffUmS0w5xzMq+Qh0di:AGAp1rmSl
                                                                                                                                                                      MD5:ACF4A9F470281F475EA45E113E9FB009
                                                                                                                                                                      SHA1:B20698DDA5E5AFDD86BB359A6578C9860D5DF71F
                                                                                                                                                                      SHA-256:5DC2367A80588A7518DB5014122510BF0FD784711015EF83A8718336584F82D0
                                                                                                                                                                      SHA-512:998B7DB9DB08FD15A293267E2371052E436E024AF8D34F96D3C8FF04B1316678DFC1674C921CB404121FF381A4FC39DC759E6698F19D42A6261CBD39469B0A08
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....l...........................Ac...... EMF........$...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC........................F...(.......GDIC............^...........F...........EMF+*@..$..........?...........?.........@..X...L........................."B...B...B...................?...........??.....n............;...<..@<...<...<...<...<...=...=.. =..0=..@=..P=..`=..p=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...>...>...>...>...>...>...>...>.. >..$>..(>..,>..0>..4>..8>..<>..@>..D>..H>..L>..P>..T>..X>..\>..`>..d>..h>..l>..p>..t>..x>..|>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...?...?...?...?...?...?
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):27862
                                                                                                                                                                      Entropy (8bit):7.238903610770013
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                                                      MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                                                      SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                                                      SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                                                      SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):52945
                                                                                                                                                                      Entropy (8bit):7.6490972666456765
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                                                      MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                                                      SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                                                      SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                                                      SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12824
                                                                                                                                                                      Entropy (8bit):7.974776104184905
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                      MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                      SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                      SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                      SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 60 x 336, 4-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):347
                                                                                                                                                                      Entropy (8bit):6.85024426015615
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:6v/lhPtnlx/QulkWNY2V18A6Akp7eee1VDjMHCyLezyKUX5Gp:6v/7RrIubiA6AkpNhiyKe+
                                                                                                                                                                      MD5:78762C169F8B104CB57DFF5A1669D2DF
                                                                                                                                                                      SHA1:9638B71B584CD636834016A635ABF8D9C0887711
                                                                                                                                                                      SHA-256:E64FDCD0B108737D8B8F7B677029F924031D6BBAA50585D9C3DEF7C7E92ECAF2
                                                                                                                                                                      SHA-512:5ED899AAF73B72DEC32E171FFA112382667D5BF3FBA98C92E313E66C0A6975EA97068F4CD32B62283F18DBD5345C11E3610F7EEAC2F2DE71FC44593180B9CEAC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...<...P.............PLTE......................=l......bKGD....H....cmPPJCmp0712....Om......IDATh......@..aI...B..C..l...^.%.`....>.]..|0.....a...hb...0......q.......p"....;...K..x=...p...y.yy~J....|...\.......y..X.......'...>1...Ky..f....&........N`..f0..b...3.......`Z.3..3.....o.......4.&........SV...4.....IEND.B`.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):14177
                                                                                                                                                                      Entropy (8bit):5.705782002886174
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                                                      MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                                                      SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                                                      SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                                                      SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):99293
                                                                                                                                                                      Entropy (8bit):7.9690121496708555
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:Moq1jVORV5NO5xLCBaaNk4vhpCr1CH/DATOQlWvHMHojiaAMrxArLFRZPj19AWFz:eVEbouBaIk4T8uDGOQlVHvaAMkhDh95V
                                                                                                                                                                      MD5:EA45266A770EEA27A24A5BB3BE688B14
                                                                                                                                                                      SHA1:9F0B23B3C8EBA4FC3C521E875EF876FBE018F3C8
                                                                                                                                                                      SHA-256:EDAD0F03E6FF99FEF9EF8E8B834CE74F26CD23C5F8C067F5CEE66F304181E64D
                                                                                                                                                                      SHA-512:D4EE36BDA897BBD643A699A0332DD00DE9CDCC6F46D861789BAD259A4BF87868AE3B4CFAAB6DFAF29941C7055B77A95D76BAA86A4A0DB2BF3BAF7E3317F03EB9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...-...c............sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..[Oh\E...y3kv........`.%m.R..6.1.4).o..Ki...D.......P!.].=..K...C[....f.}o7VPJIg...{3.|....d.....i..=.4.u0...n y......@j..Q..f)..mQ...4-SJ..9.d.?..5\-....:b.W..i...c.5..{..pj#.....B1C/.I.......].Su.k?.2..:.9Q...5.U...UZ...e..U.c],..2.}...1..)W./..Epr.Zt.....K.=..{......e..."...v..B.4.#....A.V1.".V}t..[..2f..Y..V9.".6.......(..gbm.P.....Y%2.c.z.:Q.2.<tYF.....u.@..KJ.;u.q:.].....$.....V....Hqk..DW.l.e.j.Z.YP?:'R..*.<........6...m@..r..j2..HK"|..L.Nc..D..y.9..B4$.......`.3.m1LE....7(OU\+./.O...%6T..w......h....).I.&n...*......#..W.41...5.#.`..I...<.?.|..*+Q.....#i........$,..n...`.s....[..E. T.w..j.,&-.r..;a....#.>(.P......f...MU\3*..;B....)..5....z..(....-...a.....}y.l..E...z>......&..g.$.....*T...N....E:./.>..#...^..E.0..%......(..@..W.X.NDM.<~.]A.>..fW.O.y.'...Z...h..).F..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):60924
                                                                                                                                                                      Entropy (8bit):7.758472758205366
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:kU7O7+CFqO6DkxTgPzo2wqggrrX8QvN1I/ZLBttB9+dPFXbc:hVuqJDaTqo2wq1L84N1I/Z1tT9X
                                                                                                                                                                      MD5:D58C51D2CF586A5E14A9EC8529C3B0A8
                                                                                                                                                                      SHA1:F4811A353797C29B1E3F5A61B125C46E1534D587
                                                                                                                                                                      SHA-256:F927C7825851974A2149868146970706523A49165133CEE6027A43E8C9ABDF27
                                                                                                                                                                      SHA-512:34B963173AFBDF07432F4B983D29F10376E4771FE666E9D50B1A81DA0B9F6001FD86B4A08B9711386DE153BF6E03C8E932E2D181C8EAF94EFF34D20FCA7570E0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d................................................................................................!1AQ.aq....".....2B...Rbr#.s.4...3$.5u.6v..CSc...DT..f..t..&F........................!1..A.Qaq....."2....B.s....Rbr..#4...35...CSc.$...DTdt..%..............?....O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.........................................................yK..xd...6..|%....\j..e.=...Y..f..I.|-....e...$R.j.......~.W#....{.....V.k.|F..z^..:.~..f......"x.....L..K..r../.;..[..l...;.U...W...X.........8.....y?..B...m.......j..Q.g3..G.K....GL.o..n7a..Y..[.'.........x........\......~...f...0\Wc.n?k.|.....1.ww;..2..?...r4uF.MXdB6..W..mG2NJ.E........u...2.q...Z..=(l)jU.X...U.\X.......O<......X.O.Fg..{.W&u.u.T~.|r;g!.._X..N.p.4.......................................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 40 x 623, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1569
                                                                                                                                                                      Entropy (8bit):7.583832946136897
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:KArPoy/sSfmBL0EGEsRgeTLLXFnViAAEslVorlP0i8OmO57EnGAkYelBKMN:9oQPTgeL5ViAe8rQs7HAkrlc+
                                                                                                                                                                      MD5:07DB3F43DE7C1392C67802E74707DAA6
                                                                                                                                                                      SHA1:C173ADB1999065C5E1E6DBEF934B4D4D7AF0CC23
                                                                                                                                                                      SHA-256:51E05999A1C9F17DF28CB474E57DD8E64BDAB824874A532C20A23766A01F8967
                                                                                                                                                                      SHA-512:E509255519D4E521E82332FF418DD5A6BBBC8476399A0D9C3D81542C1CABA535B2D79E5BC90F73F9EE8468643302137671934ABD600FC696F16161C91FEAC111
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...(...o.....>.c.....PLTE................................................................................................................................................................................................a.o.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.Y.. ..........}%.../].`<..y....V...m.....<....)..;Ki..'9...2.:.c...t..V..d.t;-y.Z.=K>B.."{Lj.~G..|..ENC.!Sw,....";.p..g....E.B..S.-...k..P."..E......l[./D.-.....Q+.G<>.+..b...#..y(...{a.M..J...<....v.W..F.qm.`.....(.mk.nX....l.Px8.0\Z....7G...$*.....&..Z.VJ.~......J.2|...2H..../...=.)q....ZT" .,%..h.p....Z$.!........r...Hh.f. ....P .d..1d....2.3h....;.A.... ....d..g4...A..^.....2.ew..."h...y/..j.h..B.......%.2.%..{r...+dG.=9h....P1...A...c...^h.]Q0.8x....q .!3....ZW"Z.!3...G.vC.GG..".&..X!3.|xB..V.P!.+zS..NX!3.....Nh.y(.Z.1.h..B...Z+....l8Xcu.B...K...@U..@Q...mB...x...&L C....mB.....@kC...Y.,.... ..e\F.B..........y..e\..:$(....Z.a...yn...f..z.~Q.{o...].ln.r....^.@.{..c.7..{...
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12654
                                                                                                                                                                      Entropy (8bit):7.745439197485533
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:JheN2cq6MLu6MLGu54cHeNzhcmhcDu53eNE3UPkhrxvu:Ji2Wix7fzVsbE3Zm
                                                                                                                                                                      MD5:4BCCCDBB4273ECEBE216C84930A8D0B2
                                                                                                                                                                      SHA1:FFBF617787E27BC94D9BAF89F2FE34A2BD42794B
                                                                                                                                                                      SHA-256:474F9A8C25D5E21192315397EA995B1E11E2C1608157C6E0277688091BFD136A
                                                                                                                                                                      SHA-512:DAD73A8C0E293B88685C0C71EF15E0DC95EE39B7FC9F849DE5D634173FD9FA0AF0AA96742D9E94BE03556AA4A817D5001C95A6736EAD5D5DF03661876785EB74
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....C....................................................................C.......................................................................i..............................................E.....................U....V...f..ASTc.......de.1Qq...!Rb....Ca."r.................................B....................b....Ra.....!Qc.....AS.1U.."C...2Bq...$#3%&.............?......3.....~......:..g..s"......:..g..s"..ic..Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. ..0...Q_..X..V5E~..c..X...@u...cTW...0...Q_..;.m.....@w...Q.+....*.4W...lUFh....v..._..wn...dW....y._..v..E~...*...@wn...dW....y._...v..U..@wn...d..{`;.|U.2g...*.3...:.0?ViN.z.@w...4.M.:m..`~..i7...q...I....J.`l...W..n..PQTiB...6....+..sj.*."...6....+..WA...x..A........(.N6`..AD.q.....'S...t.Q:.l.......f.]..N..0.. .u8..A........_W..Y...}.C...~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~.v..?U..^.r..}..Bep
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):41893
                                                                                                                                                                      Entropy (8bit):7.52654558351485
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                                                      MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                                                      SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                                                      SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                                                      SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5465
                                                                                                                                                                      Entropy (8bit):7.79401348966645
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:X0cZneDWlIKmXwxacOHHI6EhzNlSSDDgafbofgt7mGrw:XleDWlIJwQHihRdgu8imGk
                                                                                                                                                                      MD5:8470F9A96B6C6CAD9EE60961E96D19B2
                                                                                                                                                                      SHA1:AFE1F01FFA4E4CB06B1D770C9C59DA75B434D1AC
                                                                                                                                                                      SHA-256:2DF453410796AEC7B9EFEC00059B6CE64BCF67313A95AE458BA600EA5DE14811
                                                                                                                                                                      SHA-512:CAE5C2ED091BA49761F0348516D53491E578FB165F32F93AC7DAD927383E9A398B06229FAC6A8233777DF708E5001AE0037A1FA960293BDA49892C40B37F2240
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....C....................................................................C.......................................................................E.e.............................................8...............................!"1...2A#Qa.$34bBDSqt..........................................................?.....`0.....O...3Sd..@..5.0....Q.pw....;....!pN.DR....`0......N^...k.=.u.e.7{.b........?z....zV...M.....P:a.SPj.....WRK.=x.2.h..2..AS..s..A..|.Z/f$D.YX1pr......}G6._.~..)j...+.s.r".{..q..-.^@...#w|.H..*.K)....g...y..`0......2.w@.Ro.d....@...K....}...&... y..f.y.0.|DC..>p.[E.2......v..N.)Z..4.RF.D.8]..Z.|f/..+\ID.r/.o........0i..*.G.O..uj..RN. ....j...xnF...Q.Ls.U.c.D0m....z.k.P;f...b.=..L.hH.,./;.U..`sa.I...?*...I....M.0<.u....!..C..U.T.....s.Q......_..7K..*.....?....R\&=.<.u..oQ}WZ..Yu...{Fe3.h...@.s..mW.G..^....1.W.#[.q2.&u.c.G......`J./..X.C....M;.....3k$}.i.3...#/x.m.Oh.}FH]. ..5NNDIS.-.M~...6..w.d....P.;..k...........v*..T..L.P...s.!B.4..w
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):52945
                                                                                                                                                                      Entropy (8bit):7.6490972666456765
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
                                                                                                                                                                      MD5:AD003F032F32FAC4672D4CE237FA5C5B
                                                                                                                                                                      SHA1:AE234931B452F0D649D91291763B919CF350EA49
                                                                                                                                                                      SHA-256:ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
                                                                                                                                                                      SHA-512:ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k|...S..d.4.>.RW5z.$.i.)V.O....>o...c..*&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N*..|.4...80.#..e....t.J..ZQ.x|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 39 x 600, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2104
                                                                                                                                                                      Entropy (8bit):7.252780160030615
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:2PPEOtz2P/LJtVRaqBG8qFOPvHlcEXgkuwf+j:2PZFSjJDjqFOPPlXgG+j
                                                                                                                                                                      MD5:F6C596F505504044DF1E36BA5DA3F09B
                                                                                                                                                                      SHA1:BCF17EC408899B822492B47E307DE638CC792447
                                                                                                                                                                      SHA-256:EDBB86F160050FBF1F9860276802BAE292DBFD0BC98E3EA90D43D981E9F0C54A
                                                                                                                                                                      SHA-512:E8D067A1932CED8746FE7D665EEC34EA92A98AFF3DF26FFA9DD02742DDEA3C5654124A88A649FA33DB596F96A5FC9CB2C693D03132F1C8B254ACB56DB4763BD8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...'...X.......:....PLTE.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................{.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^..c.%i.F...m.m.f.m.m.m{&....X...9.....M.WUW.d.N.O...E$...$...)H....n....N.k..v.....v1L[w)w.}..!...Y.X.V.D.......[....;..[..;....
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2898
                                                                                                                                                                      Entropy (8bit):7.551512280854713
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:N9YMTXc4gpw+EIWnqQ5G+NE9VTzRFvS4+Xh+AKrNx+JuCluc3Eeky8etajhDCFex:/hDc4rPIoNEzbS4+XhOrGJu1cUHeoVey
                                                                                                                                                                      MD5:7C7D9922101488124D2E4666709198AC
                                                                                                                                                                      SHA1:00CC44A1B84D4D94A0ACE8834491EB5F65D04619
                                                                                                                                                                      SHA-256:20016E5FA1A32DCE5AF4E92872597E36432185A7BB2E61C91F362BD68484529B
                                                                                                                                                                      SHA-512:882944B2CF040485899128E03B7499C540D481E45FE8017DBF4FE0330157B2D8ABB7334DDB31C112BA0EFE3722A554883917C54155A7F60044D2D7F3D848260F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......k....".......................................2...........................c.....TUb...Sa...QRqr..............................!.....................Q...R..!..............?...$.)m.1...%%bV.J..H....-.%a[...I"WJ..:.X.:TT.$.......N.-NR.E..-NR.E...9..E....$.k.....B.I,I)..J...kr..+)..I,Yj..YbI..+,J..e..Z..V.e.$V..TV.X..V.YQZ.EQ..U%PY[.[.R.EP............................| F.. ...j*...!m.!j.I%.j.$...YeEYYEEUE..eY[.hEEUeEil.....%..el...V..TUYA.U.UTTUT.Z..UQQUQE...V.,...UlE.U[.lEP.P.@......................................R1...AR1m.....#..$:.T.p..IJ.t.....A..AH.,5..]F!a.XJFaa. ..a.!*.aa. X.e.......bB.b..,HX[,!..,,.c0.,..U..X..(,,...B(.,..4..B.`..".a..-......"...........................>D..IKEb...t.....)u.....)K.%+L\.J]i)*b.JR.IIL\i)u....T............T.....qs.it.iJ...])ZJb.....X....U.A...V1..B.R1....X...,.c...,%X...,%#0...,H
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):68633
                                                                                                                                                                      Entropy (8bit):7.709776384921022
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                                                                                                                                      MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                                                                                                                                      SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                                                                                                                                      SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                                                                                                                                      SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):39010
                                                                                                                                                                      Entropy (8bit):7.362726513389497
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                                                                                                                                      MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                                                                                                                                      SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                                                                                                                                      SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                                                                                                                                      SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):53259
                                                                                                                                                                      Entropy (8bit):7.651662052139301
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                                                      MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                                                      SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                                                      SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                                                      SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4819
                                                                                                                                                                      Entropy (8bit):7.874649683222419
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:/hnQiz+ET2/hDi+tv34VtpWfowTHgegb6hhLT1NTS:5nQ6TAhLtvIzMvbi6hhF0
                                                                                                                                                                      MD5:5D6C1F361BC04403555BE945E28E53FC
                                                                                                                                                                      SHA1:00C254F7B3BC0289590C2BBDBB39C8EC2E2B2821
                                                                                                                                                                      SHA-256:131D637CDC5D0B094FB9FAD17F4D2A1ACE0D03613588155AACAA2D1CB4E16DA9
                                                                                                                                                                      SHA-512:34D2C0929FCC3CC10D0A2121BD55BFA9A07062C2A7B8F101071164C946895DBCB2777641E79DE4193D57A3F0778DD4F1351FAF333B7E4B4DBE31A32DD69C51F9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................<........................!1..AQaq"...2B...#Rb..r..$3CS.cs..................................................!1A............?.............u....p.p($.Y...9,j...V.*..S86yh.G.#m.5..9...6Y.."C.R:.[..-.7U3c:..].;.....f.?%..<T...&F.Lh.N...m]..x.D.g<B.....k..S........>j.K....#U..Z....<e.:..8....o..xq.[..4v..U..y...k... k....A#..A...pn.jJ.I.7:..{.b..ns.t,...8.Td.I....m.I.5Z.).-.. ]..X.Do%.....?..4jV.`llt.E...5...u.|..\F.=.F.r<...5dV....xc.%..&...4,...f...3..H.<......eQ...P.J....7...lLc..?..-.fR..7.#.6.......}:.]'.ny..........e;u.Y..$0...i..-....f..9(....}..T,.Inb...+=Cca7....WULA1@.s...4uY5.N.f.c..].ks.....3v..~..k..m)...f gNE`S......#.....Z..6.uc.m...#k.s.f*.l.$6..?..xC.Cm.`...N2..&H...._.&.E...[....f.Z./...!.a{K..#.V.5..v.B....1...9..B.&....%s.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1717
                                                                                                                                                                      Entropy (8bit):7.154087739587035
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:N9YMzO6BOfqH/dAIWpdAIWpdAIWpdAIWUtr/SD:/hzJgfqHaPYPYPYPUt/i
                                                                                                                                                                      MD5:943371B39CA847674998535110462220
                                                                                                                                                                      SHA1:5CA79B7BD7E0E93271463FAEF3280F1644CBA073
                                                                                                                                                                      SHA-256:9C552717E8D5079BBB226948641FF13532DF3D7BE434C6CE545F1692FA57D45A
                                                                                                                                                                      SHA-512:812541836C8B6F356A4D530E5CCF1CFDCC4CA54AF048CAC19FE86707CE5EA0F41D73C501821AC627AD330291EF58C040DFC017923A7886CEEC308048DA2CE7C9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......-...."........................................&.....................U.....1T..S.R.Q.................................................R....Q.a............?..d.. ...............................................+A...Z+E...V+E...U..R.....}........Q..Ah....Ah..b.AX..b.PZ+A...V+E...V..J*....Q...b.Q..Ah....Ah..b.Ah..b.PZ*.(.@z.?.`;2.......................................................Q...b.Q..EZ*.(..Z>.G.....`Z+E......J*....F+D...F+E.......b.Q...h....PZ+E...V+E......J*....F+D...F+E..............[u#...a-...f<.9^[...l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m..0.....l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):24268
                                                                                                                                                                      Entropy (8bit):6.946124661664625
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                                                                                                                                      MD5:3CD906D179F59DDFA112510C7E996351
                                                                                                                                                                      SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                                                                                                                                      SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                                                                                                                                      SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12180
                                                                                                                                                                      Entropy (8bit):5.318266117301791
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:k1bHyG/fKOOOOQJUg+g2S+kEm6alfsfsfn32:+bSG/yOOOOQ+g+gOab32
                                                                                                                                                                      MD5:5C859FF69B3A271A9AAB08DFA21E8894
                                                                                                                                                                      SHA1:3156302A7450ADFF4D1B6EC893E955D3764D4DD4
                                                                                                                                                                      SHA-256:B4A8E9A67EE0B897615AC4CCE388FFC175AB92D9E192E6875C79A4E7C1B5BB6E
                                                                                                                                                                      SHA-512:4CF518136EEBCA4F400A115D9B7BB0CAC9FA650BF910B99E15F04A259B7D3EFCFFD6796886FE09DB08C37C332B14BC8500845C09C8EAE1F2306F90E98D3C99E0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR..............;j.....sRGB.........pHYs..........+..../9IDATx^...dW...S=.dL$.............-.`...'...x.7.D...(...$.?cO....9S]=.v...Z.......{..wNuf.&.....a.k5~...._..\.yk..v.....}{._.Q...5...._9o.n.....}7.].1v..t......q....3.<..0<.p.......0....s...... @....... @....... @....... @....... @...X.'..U-..... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%@....... @....... @....... @....... @....... @....../)m.. @....... @....... @....... @....... @....... @ ....`.)....... @....... @....... @....... @....... @....K.0.....J....... @....... @....... @....... @....... @...`.....\.... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):15740
                                                                                                                                                                      Entropy (8bit):6.0674556182683945
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
                                                                                                                                                                      MD5:FFA5EC40DC9A0FD10EB9E6355142D6A6
                                                                                                                                                                      SHA1:3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
                                                                                                                                                                      SHA-256:D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
                                                                                                                                                                      SHA-512:6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):784
                                                                                                                                                                      Entropy (8bit):6.962539208465222
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:869YM8fij0W/xfuCp7ovv1bidiMn3bGi6AETQcdH8SADjoZgV6v9jUEvS3/g:N9YMWeI424diMn3yinsQeHvADu9QEvJ
                                                                                                                                                                      MD5:14105A831FE32590E52C2E2E41879624
                                                                                                                                                                      SHA1:078FA63FC7DB5830E9059DF02D56882240429D90
                                                                                                                                                                      SHA-256:D0A3A1C3CD63C4023FE5716CBE2C211307D0E277E444D9EF76C7FC097A845FD4
                                                                                                                                                                      SHA-512:8FC0ED24E8EC14C46EA523D9265DE28F85C5FC57AA54AD5B9CA162E95F79221E2AD3DD67D1293CF756B67F3D3DECAE122254134EA8D4D00DDED02114B5383947
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......a.L..".......................................-........................!A."1.Qbq....2Ba.........................................................1............?.....3.Ty\......vs....>.>..a.W..s89.d...Z}......rz...`...Z.r.do....u.W.%....gf.>.L..xz....B8=w...g.~g."HD...$..IKJ......nn..*ly..I....L...\q...Q;6.KrxZ.,...j$..ZQ..)f...q`.*..C1..cZ2]-..\.~..J.....^..(.f..9m?..C.NI.UL..X.fy.Z.........+n....r."Z...d..R./\.#...kd.D.5.!...h.3*s-+.......Xjt..}i..rK..y.../>u..]N.....Y..J......1.x./.....F6.......I...._3...k.sM.+..v;.%|.f.~.......:y....S....UKovh...W'........lF... .................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 77 x 627, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5136
                                                                                                                                                                      Entropy (8bit):7.622045262603241
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:djzuNKb3XHco17p2wolIxIx7lpskdsC/ddWNKeabJbMojpxLDTu1:VzuNKb397pwlIxKp7qs3bJb5FBTw
                                                                                                                                                                      MD5:FA38AFA965141EA3F17863EE8DCCDE61
                                                                                                                                                                      SHA1:2B4611E651AF7549C1AA73932B1136B561A7602F
                                                                                                                                                                      SHA-256:E1CB1A0EC9BE62D5445C73AA84DF38234002A7E164EE830C9DF24997802CB5D2
                                                                                                                                                                      SHA-512:A372674F5CA343321BA9C413D346070709F7685706C9C6C3DC7F61846B59253A5E6FE800DBA10AE870FD3887439B2AA106FBBB51751E92A163938A4393C43E28
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...M...s.....}8nv....PLTE.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................z`.....tRNS...................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55804
                                                                                                                                                                      Entropy (8bit):7.433623355028275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                                                                                                                                      MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                                                                                                                                      SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                                                                                                                                      SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                                                                                                                                      SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):64118
                                                                                                                                                                      Entropy (8bit):7.742974333356952
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:ORG4azGOKXzkEmR4bdRSbxONOoz0khbSb4J/5GZK5SWUlRwUYdv1M:ZXzGXzJdhRmgHfIb4J/5GZK5SWUldYdq
                                                                                                                                                                      MD5:864EEA0336F8628AE4A1ED46D4406807
                                                                                                                                                                      SHA1:CFCD7A751DFDBE52A20C03EE0C60FDFFA7A45B93
                                                                                                                                                                      SHA-256:7CE10D1EA660D2F9CF8B704F3FAB2966A4CE2627D9858D32C75D857095012098
                                                                                                                                                                      SHA-512:0CAA0C54C14571C279A75F0D5922F78A17803CF6EE1724D66819F7F5944C0F5B25CB586BB686A52808CDF2F8FEB3E4864052A914884054EF7DE44124A8CA951E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:26:15.....................................................................................(.....................&...........s.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................#.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....NC+n....<.=.7..&.8A56..@^.Q..\\...E.>..".&G.......J .'....$.I)........0.../..mv...D....<v0=..ugc+..l.o...=.c.......x.&D..{`8...v
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):79656
                                                                                                                                                                      Entropy (8bit):7.966459570826366
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:2kuUliOeU4os8ii3nF3Hxro/qxXD9u/kjYgMZqoEs6ZUldm:3uUsOXYIAixR2k7WAZV
                                                                                                                                                                      MD5:39FF3ACAE544EAC172B1269F825B9E9F
                                                                                                                                                                      SHA1:2D40DE8D90BD21D56314D3F99CEF4FBAE3712C0F
                                                                                                                                                                      SHA-256:70475431CCA3C91A4EFA3B8F04864371D2D3A45696674A1A0562FE9CD8DB287C
                                                                                                                                                                      SHA-512:3B9F3B32696AB7779864E83DC0C45960114A130BEE0CF4D0643DE57FF952171E5D775AA49141EE31A28A9B5D052B26EB421F26EA736D7EF4B3A7EC812CA411CB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1A.Qa"..q.....2#..BRb..r3$.Cc..Ss.4...D%5&..T...'7....................!1.A..Q.aq..."2.....B3.r.#..R...bc$4..D.s%............?..Y..T.o.\......=.a..j..'^..s..[../........Y.......<...(..4.....7y..Ln.[9.cK.ilN...u@$.V.9.V?3..s.KL.z..w.jW.C.............@.~+.o?o8...k....,.m..9.".....q.....d....z.W...q...~...'..e..>..f#...S.....F....pU.......7..N.vfK......S..G.#.....}.c.........RXt.bq1.`.....[+8\.*.N..:......}.....r..........')......Na...&...m......c...a4_%d.............co..0.n.L.Q..E.Lt..y.|..F..4.i(>.._..\.eNL8..?z9I:hLgC.@.p....g.t......'.I!d..?1f..R..........|..4.wJ*..%g..~0bt.....*...v.......O...:.~.>~..o.x...9.@>...s.&.E.0/G.c..t.<..F.t.A.z. ......;.........Gp.P
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129887
                                                                                                                                                                      Entropy (8bit):7.8877849553452695
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:QS1x1rXglsteJ79wHi4vNQR5yBlUdOSILe9hSj9jeWMPjdlOJ:vvglst1HiwWR5yBA2LeS9jd1
                                                                                                                                                                      MD5:737E96E41D79D3BDACE7AB4F8CBF6274
                                                                                                                                                                      SHA1:E6202A41A4F86B27D9EBCAEF7670B16C0ED67CF2
                                                                                                                                                                      SHA-256:7966F3D8A2D61ECB49A35E163781858E052C0B122A18A1238AFE27B57E2850E8
                                                                                                                                                                      SHA-512:D398C8521DB2FB3F8456FE792CF37472F3B851DD7298DB20E2DB79144F8E846D051878E77E5EF5D00E6840EDB90C6E2D97935BC1023A15FC45038CCE731E9895
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....iExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:13:06.............................:.......................................................&.(.................................3.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................u.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...W..I:..*....a....Aa ...w.T.M.v.........3x.......8Y....$.."-..m.I.0~sxB[@..=...:..\.Y?....@O.L;9i..U....?.5">+9.s\Z..vN
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32656
                                                                                                                                                                      Entropy (8bit):3.9517299510231485
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                      MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                      SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                      SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                      SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):86187
                                                                                                                                                                      Entropy (8bit):7.951356272886186
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:AbmHwD7za0syWMetp3TdPFzoJamVdAQZCiUit9qbYN6LerhWMzIWgN1EeaYhJM:1QnzsyTeP3TPAdAQZCi5qbYEKrhWWMNO
                                                                                                                                                                      MD5:FEE4785DF76E93A9DC2F4501CBAEAE12
                                                                                                                                                                      SHA1:8FB4527BDE05EF208FCDB168098A07707C27501F
                                                                                                                                                                      SHA-256:F091DED5E283AF6848670A3172E7C43C6099875D39B3FC69C2BDBA914F609602
                                                                                                                                                                      SHA-512:7E99D33151A0D3873D6A819C98EA8E62D928C087B7BA2080F11C7BCF746AD60A44D4FF6EE3D2D2E8DFA4BF1FC6285ED56BB83F91C2FC6FC4FDFF2000105F10B1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................1.!Aq...Qa."...2..BR#...br......6v.7..3.CSc...$4.s..&dt%u.f.......................!1.AQ..aq........"2.B#....Rb3..t.5u.67.8.r..$....C4.cs.Sd%.DEUe&.............?............w.....c.....i.A.....3...7.......7..P......%.........?Th..l./?.;.....$}..=5Oa...F.c.A/...D.D..]..y..3e.5\%.fo2.X.*]q.5Ee.}..i..md.T....#...-...Mu...9...-+..~w5O.);..G..'.;..).....A_...M.vV..y.q......,<.3.(...._K:..XM.......w.......9..T.......?b..a-%.c;.}..>....|.,lZKCEB.t...fw|.Sw^..Y..:.J.................t._P..v..j.1.R8.R....G..W*H<(Xi........i..xcu...WM.dqM>'W..g....M.q.....+.....b'..~....>..T.~Jc....fj.X.x..9...N.w.6:..>.......&.(h..u...t._...)_k#7Za...cZ....P...Y..;.V.,..xo.....f........Y...\6...M'L._
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):55804
                                                                                                                                                                      Entropy (8bit):7.433623355028275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
                                                                                                                                                                      MD5:4126992F65FE53D3E3E78F6B27FD49DC
                                                                                                                                                                      SHA1:BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
                                                                                                                                                                      SHA-256:3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
                                                                                                                                                                      SHA-512:624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.*a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[...*..t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):68633
                                                                                                                                                                      Entropy (8bit):7.709776384921022
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
                                                                                                                                                                      MD5:41241EE59AB7BC9EB34784E3BCE31CB4
                                                                                                                                                                      SHA1:98680761A51E9199CF3C89F68B5309FBEC7EE3CB
                                                                                                                                                                      SHA-256:035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
                                                                                                                                                                      SHA-512:3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):41893
                                                                                                                                                                      Entropy (8bit):7.52654558351485
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
                                                                                                                                                                      MD5:F25427EFECFEE786D5A9F630726DD140
                                                                                                                                                                      SHA1:BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
                                                                                                                                                                      SHA-256:5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
                                                                                                                                                                      SHA-512:B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ*.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[F*ly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):84097
                                                                                                                                                                      Entropy (8bit):7.78862495530604
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:cgHTEuD99rHwA5MSadIV2MApVmfJkAKOQ/Z1I7ngpDDyHfKFVITrU:HHjXidIhApV88/jIEmrU
                                                                                                                                                                      MD5:37EED97290E8ECB46A576C84F0810568
                                                                                                                                                                      SHA1:18D9FACB4CFA3CBF63B882CABCF30B203EDF4126
                                                                                                                                                                      SHA-256:140DD943D0F0CFE6AAA98470B7D1A7CB62CA02CB1D8F522DD2AC77433232EF41
                                                                                                                                                                      SHA-512:E0F57314C136211B8253EB2AC0093DED82198E7170D4F97C40D82FD4EC4123D2AAFE3EB4EBC3E7523C4DF4D77619408773871BDE15B6DC6C4049C71D5B9D4222
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....hExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:11:38.............................A.......................................................&.(.................................2.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................z.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....b.xH......T..I...S.q.~..../s.R.x.....8.a..vE.5...-.G.A.4...._......$K..d.@NC.q....J.....>e".I.%...I0).R.I$........M3.F .
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):52912
                                                                                                                                                                      Entropy (8bit):7.679147474806877
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:DB/nIviNJD9C8kfJj6TkVr4q24FsUpjPc021si:DdnIvi3D9C8Cl6Dq24ayPCz
                                                                                                                                                                      MD5:1122BF4C2A42B4FA7F29D3C94954A7C9
                                                                                                                                                                      SHA1:3750077A830FE21735A43ABD35C63BA9A4D4B0DE
                                                                                                                                                                      SHA-256:423B0DD1A93B391D15B1DC8D8757C3BF5725FF2E7A59E6E3140033E2876B67F6
                                                                                                                                                                      SHA-512:4626EFE2EDED2361D6296B57F994DC434CC9D02357A8A6A67D84A544FB8A1CFE0005EA98F846AB963BED7F2B6CE96BC9181182C9459843A52A98D3A731A4FE73
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:27:10............................f.........................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....]+\.9.9.P.d..Z.?~>.-...]6=....*.......S.9G...b<$..Z..........>.v.o:.o%.e...z.F`...[.wo..z.....k..E...5....G..7.......c2..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):47294
                                                                                                                                                                      Entropy (8bit):7.497888607667405
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:aQ10VrIBdBvDpQrQ7P9/FUOLG2vTSeG9lkCsMKzXeMBk3CBp:aC0JIBL+QsOLG2+ZAC1KqM2I
                                                                                                                                                                      MD5:7A450E086AD14BA7D89BA5DB3D3AE6C7
                                                                                                                                                                      SHA1:E7AEAFCFCE476390E18C19456BDF6529D863D518
                                                                                                                                                                      SHA-256:BDD997068701ED3A00A224EB694B003C01AC69B857FE7B4147D6C34875B1632B
                                                                                                                                                                      SHA-512:9B6D50A6CDB6081DA107A2CDDB1BD2811A5764994C8E3F67D56CA81084BE0D068C27435154E867199F38688EA65E8DE02A56DCAC47D0F5E55F0FBB6598814938
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..A..Qa"..q..2.......B#...R%.r...$&b...3Ss.4dU6F.cE..'GC..t..5eufW......................!.1..AQ.aq..".....2BR......r.#3.d...b..Ccs.t......$4T...SD%5Ue&Vf............?..M.7(..).:.a.q.......>..[:O...afQ.uCO..U.....go.l..p..YqVklQ.{i.w&.]Z.\+JQw._.n.'.h..,.bj..X.].k&.Q.>gU..f...1|....[...jQ.%Zb.......t..........*..V..j.6....Vj..i.....?...IY.P.....$.j........[l.....S.4.J9.U\.......7I..[..=*N5....xW..../...=?n....uG.D..S.>...8..3........n.S....]k.*...4.>.R.o..{..l.H.#.^....<amG.m&.......,....wDY.W.m.X....We.IR.Nu...y..Z.l.._S.mr.m...y.]m.R.MT...6.5.5}.K..#%..k].7.Y.q]...%.r.7.R^jR..z.K.T[t.a..d.)glW.r.v,.`....O..^..o:.Uc.\..D....f..D......yt.Q...Y.....
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 85 x 470, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):11197
                                                                                                                                                                      Entropy (8bit):7.975073010774664
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:p9wNdtRKcVHso6zsqm06xaqZdingVzLZ7/PGSIz/yycRTbChh/JzhbEx15RGb:mdtMcVHqgAqTinMzLZ7/uSIz/yTR/mhF
                                                                                                                                                                      MD5:DDC3CC30794277500EFE4BC6667EC123
                                                                                                                                                                      SHA1:EFC9642C1F95B5FC38764476AE481649C016FA0C
                                                                                                                                                                      SHA-256:7F5B660A1A0BF46C75AAF19B4F77A0E086DE003EC03AFC1F58D871D55AA5BA9E
                                                                                                                                                                      SHA-512:25232A84604C3959634D33090238FEC8D51E40AD84EB3A08BB8522A81BE1E83378649C014E98E1DFCDF46B7BFAC92D8D2429211CD11D7EE0334C9C3DF7C1B6A6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...U.........1x5.....PLTE....................................e........................................................s...............x..........................o..............................................................................................................................................................~.............................m...............................................j...............................................p.......z......................................................x..............|........................................v.......................y..........................................................h...........................................................................P..{....bKGD....H....cmPPJCmp0712....H.s...(SIDATx^.}i@S..N....h...!..)....AI%..p.L."a..)..`U..,h..:O.b.:.j+.Z).b..zN.s..{O...&|..N}...${....~.....k}.[k}{.o^.D_..W:35ly..7rL....6n0.A...b
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 50 x 600, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4410
                                                                                                                                                                      Entropy (8bit):7.857636973514526
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:E/pQuIhKZ7u06dICH3AroiTe8DGTl55poBUmLNjpH7MvDHjfm:MpdZtPbknnRPpkLNVMvu
                                                                                                                                                                      MD5:2494381A1ACDC83843B912CFCDE5643B
                                                                                                                                                                      SHA1:98F9D1CC140076D1AE5A9EA19F47658FD5DF0D66
                                                                                                                                                                      SHA-256:5EEBE803E434A845D19BC600DF3C75E98BB69BD0DE473CEEC410D1B3A9154E28
                                                                                                                                                                      SHA-512:0E64CC3723DC41D94910F7ADFB6A0DFB5049350FD15A873695614E4A89ABD78B166BA4E9C8CB95E275FB56981539DECD2A7F28FBC25E80DD5E2DEA8077CC9489
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...2...X.......E.....PLTE...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................B..(....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.].\TU.?3"...(..L........q.Q...H.*j......W..Xd.ie.f..%.XT...em..m.m.vkik...>.}..}|..{'.U..~......}....s.............,CVu.x.:C..5...;.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):179460
                                                                                                                                                                      Entropy (8bit):7.979020171518325
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:oiKXvL7lv0am/R1vrdH+9dK6zPQ6bbnGDpcGGDNMIOIMAT8q9Vc02Q57S4A+vMFz:+vlvC/HvgA6fGqGGJlO1qZ71W6CzDn
                                                                                                                                                                      MD5:4E131DBFEC5C2462273CA7B35675B9D9
                                                                                                                                                                      SHA1:CA037F444D819A118AC37D7AA3782B9BF94C1616
                                                                                                                                                                      SHA-256:2A4A3530D652E227DDD5ADC096A95F6034718F7C380B07DB622022D768815059
                                                                                                                                                                      SHA-512:C333ECEB1439D0238BF44FB7896E62DBA4C645B70413AA0F99C1F10E8DCD20C2EEE5C83F2E9DDE9A2494C85A6D8D13CFFFC4160E2F598E17867015F5244D656A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1AQ.aq...".....2Rr..Bb..#34.....CSs.$5c.t....%.Dd.6.T..u.U....E.7w........................!.1A.Qaq......2."r.3....BRb.#4......CsSc...$.5..%.DT.t67d..Uu...'............?..c.......p..z..i.....z......kj........F>f......3N...M....RM.&..-.~.Q..'.....q.a..w...-~......g.{..&.......V.n.D....>FS!n.....@..)...W..q..Wr{..J.gf.{.M$.P@m.,..9..&m.D...w.._...-.O........s.....h.k~......(.K...V..l.-...+.9.k......*......#.p#.O..9M..mF...C.......7+.AI....4vw.;..H......e..Q.u[.eUK.....z.....[.Kt...s..Lf.4..l{.....sh.............=..;..iqkj.m.a...NH......v..H..$..q.y......c...U[Mcf.......+...S-...^....4..T..YtL.x.v.;.....<...Ik|B.$.s8......3.+.8.l.. h.:....%B..W..I.QRS..,*x.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):39010
                                                                                                                                                                      Entropy (8bit):7.362726513389497
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
                                                                                                                                                                      MD5:9700DE02720CDB5A45EDE51F1A4647EC
                                                                                                                                                                      SHA1:CF72A73E1181719B1CC45C2FE0A6B619081E115E
                                                                                                                                                                      SHA-256:7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
                                                                                                                                                                      SHA-512:5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......|]v....D..9.k.w.|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32656
                                                                                                                                                                      Entropy (8bit):3.9517299510231485
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                      MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                      SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                      SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                      SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):36740
                                                                                                                                                                      Entropy (8bit):7.48266872907324
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:3nwDxjTvoE0Rjwit4rjucDILWg7/Da0JgGQ8e1S8SA/Khos0:SxjTmZw7nucDILj77a0JgGQvScb
                                                                                                                                                                      MD5:9C205C8D770516C5AA70D31B2CA00AF3
                                                                                                                                                                      SHA1:9A1002F0CF7F92F1BE2BB25BAD61CEBFAC282482
                                                                                                                                                                      SHA-256:E111F96490755C7D71E87C88ACAEA38AFE55BB865B1A14A83C5BD239648D5E2C
                                                                                                                                                                      SHA-512:A3E105208B32831265428572B0937DD3C17B793D8611B2DA8D4939F1BEC6050999D375E3F6B87D53AD49DFA0EAE737B0141D37597AA42116C310761973D4A134
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:44:07............................c.........................................................(.....................&...........n.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d................................................................................................................................................."...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..o...4.gP.~.c...K{...V.=...].<.........vS.........s....(.t......X......kk7....~-...yF}^c.Z.\.G./.?t...>....:.>......./.ib..).
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 40 x 617, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):827
                                                                                                                                                                      Entropy (8bit):7.23139555596658
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:6v/7Hs2NwBW1mtjeSfaTHHy05riYUtr8y8PQvPYzzg979Reip0QPqc:oOsotazy4rStr8y8PQIzWea0Qv
                                                                                                                                                                      MD5:3E675D61F588462FB452342B14BCF9C0
                                                                                                                                                                      SHA1:86B62019BC3C5BE48B654256B5D10293FC8C842A
                                                                                                                                                                      SHA-256:639EADAD468B6B32B9124B1F4395A8DA3027FF7258D102173BA070AE2ED541AE
                                                                                                                                                                      SHA-512:E6EA855B642ED36FA82F8E469A826DC57EB0C36E307045FF8D166F67AF9242C87840833BE31FBE4706DC54100E999D6A3D3A78D0633A3114735818874AD34758
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...(...i..........`PLTE...................................................................................................bKGD....H....cmPPJCmp0712....H.s....qIDATx^...0.Cg.;......@j..2c.=~KP.[H~..@..8...?U.g.n.a=.=.).....3..u^(.....L....5..........8.}..T.f.n.a=.=.).....3..u^(.....L..r....s..8.....W]....,..9..G?.a..`c.z...E.p...)Y.P.....#....@9.7].....,..9..G?.a..`c.z...E.p...)Y.P...`b....0.b.+~{.Pu...1..<..0._.l.@O.y.(...V3%..J....s... .(g.+.qyWu...1..<..0._.l.@O.y.(...V3%...%R.L.Q..x..R.<t.o......7.............:/.E..j.da@i..`b..Z......u.>.?...7.............:/.E..j.da@.Dj..9.W....s. .....:.......L...">w..7... .....:..."...L..."..a....D..Ya.l....E.{.@&.|.._...7..D..Ya.l.....{.@&.|....0.J.."z.0s..s....=g ..>........"z.0s..s....=g ..>..l..1...y..g......IEND.B`.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3428
                                                                                                                                                                      Entropy (8bit):7.766473352510893
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:/hdu7isPwAp7zesusUyYAatNG87llTONQYS:5di5tfuQ9atNZlaC
                                                                                                                                                                      MD5:EE9E2DF458733B61333E8A82F7A2613D
                                                                                                                                                                      SHA1:A86704C969F51B86D6A05ED51C6C60214ED9FA89
                                                                                                                                                                      SHA-256:BE4F0E6C89FCE91B9EBD2623567F7DFC259E0E3C77C9158742B8F64B724DF673
                                                                                                                                                                      SHA-512:BFB5D6DD6B66EE21E946E90D1E482384CD10244308562DDA814189602681DADDE5752B80519E5B8515F115A71BD6BB4317A59BE65B8B5E3474AED119F8303569
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......r.F.."........................................H............................!Qaq.."12.....#3ARbr...$B...cd...&CSu.....................................+.......................12..aAQ.!#q.."................?...#...3.Za......rV.5&...../"..i.t...j..W........d.FL.V.2K....]t.f.d.NK..:.....f...... ......2.[...#..D...ZK....p.z.E.N..T..L.-....1....2.\.6FIr2..zS\U#..........fB\t..5J..~q...D....A.......!....MY..../.HY..../e.M.Y.n.~..,....'..Pc...l...d2..m.f.it$..qx-z*...._..].cOO....n..&.....FIA.....2J2..d:<qc..6.I.G.N....f.K..Dx.-.......`....2.FZ."K7.r}..<.P.Z.da.Y.....8..s....G.....b.e..g .S.......FL.Z,&..q.MG.J+..x\..m...qN=.....)..`...&Y...S....u6{.z.g.....@......FL.ZL&.Iv.w..8....U..v...*.q.B.v_./A..#.#.g.j........*J;...u...W.Ao...%....#$.....M..^\{W.SO...s,.N.....c).,.B.Gv...."k..z."..S]H.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65998
                                                                                                                                                                      Entropy (8bit):7.671031449942883
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:klZtmExaFrtWgpc+Sg+DKeplHClpHfRtPMbe:VEWWl+SNDKqlH8p/vse
                                                                                                                                                                      MD5:B4F0A040890EE6F61EF8D9E094893C9C
                                                                                                                                                                      SHA1:303BCBA1D777B03BFD99CC01A48E0BB493C93E04
                                                                                                                                                                      SHA-256:1F81DDE3B42F23F0666D92EBF14D62893B31B39D72C07AEE070EAE28C2E6980E
                                                                                                                                                                      SHA-512:8F07E4D519F2FD001006BB34F7F8274B9AF9EC55367B88D41D24E5824FCE4354FD1290CE4735E43930829702ED53F41DF02C673904A7091E9354C28E029AD4EF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:09:29.............................a.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..-O..s(...gO..@...[..+....+...H.'m........L.......@.......[k...S..O..p.'{X..3......]W..w.+.V....[.-.....2..i..i$.p.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3555
                                                                                                                                                                      Entropy (8bit):7.686253071499049
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:/h3JeYCQV5Hn++9HBdAjU78S/mjLLwqnqahJD:53Je8b+EBdAjm8S/mjLLRnphJD
                                                                                                                                                                      MD5:8A5444524F467A45A5A10245F89C855A
                                                                                                                                                                      SHA1:ACE68D567B02B68275E0345C86DB1139C0EC1386
                                                                                                                                                                      SHA-256:7D2B01F17354D9237A6AB99D5B9AFDF0E1CC43687125848B0C2DEDFB44CE3843
                                                                                                                                                                      SHA-512:8151B447B60D110C32EC1EF286B941FFC09B99140F41BBACF5A1650A385FF4D13C0DDB2878E9A470FC7CFCC95A1AB6E44F6DE72562B0FFE093DC8A3C3C7FCC14
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................2........................!1AQ.a."2q.B..#R...3C................................ .......................!1.AQBq............?........)&vD.)3Hn*..X+....r...tmL.k..(.E...R. .Z..&...,fJ...!...6..S\t3.=...g&..Bqe.)_U.....1......-..fl.................J...u.i.mU..K..v.w.0O..E.h..D~K.(..9.,8..E.}.............i.\.....t."v..q..C............<..|3.........................*Q..../c.....f.}8....D..|k..Z......0..~..c..e..m(...|.c..'.5.5............==bx.5x.8...T;....=.--.pc...I;.V.m..,(....}...NH.ho....Q..U.E$.~...w.t>.S\....'f.{.+.g._.t....;>.....P...........-..G.h..2...J.% !.E97Ir.D..N....j...oE._...._...".?.......#".S.........Q.Tc.I..*I..k.......=$.........sk1Jp.\K.....F.3.Q..q..J....N..[l.&....OR4bB|..2ul....J...B.$&H..9#j.f.n./........?R~....B.I.@..........m
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):70028
                                                                                                                                                                      Entropy (8bit):7.742089280742944
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:ub4bgbB7g9cKCmSzaNF0jAdAzQKTEFBQqUp/i0yG1pidLHTVX:ub4bIB7Qg2OjbzjgWp/i0yGCZx
                                                                                                                                                                      MD5:EC7811912ACA47F6AEB912469761D70D
                                                                                                                                                                      SHA1:C759BC2D908705D599B03BDB366C951B11F99A4E
                                                                                                                                                                      SHA-256:FBB4573E3BEE1B337077691BEBAE15D6FAC52432405D31396D526D7694A8283D
                                                                                                                                                                      SHA-512:881828150993A8C56E36CDA2051D89C1F6E0322643902C9506392C163E8734A2933A46486F40E5BC8C8D0164E180605E52620EF22FE14540AEA787A38B22E98E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....7Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:12:29.............................V.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................}.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....H.yM..? .Z.. .^.x..p.8.A...K.... .\{..)..y....t..=.^y)..v.@.W>. .h.. ..p.:.\)(.$....$.I).....!....E..Z.....&.5.).
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12824
                                                                                                                                                                      Entropy (8bit):7.974776104184905
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                      MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                      SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                      SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                      SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):27862
                                                                                                                                                                      Entropy (8bit):7.238903610770013
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
                                                                                                                                                                      MD5:E62F2908FA5F7189ED8EEBD413928DEE
                                                                                                                                                                      SHA1:CA249B4A70924B73BDA52972E9C735AEC35A0C5D
                                                                                                                                                                      SHA-256:20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
                                                                                                                                                                      SHA-512:EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..|.Q..I.&.. ......"T4)wdH.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32656
                                                                                                                                                                      Entropy (8bit):3.9517299510231485
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
                                                                                                                                                                      MD5:DD4CA4BC0A73FCB71BEBAA3C29CB8F66
                                                                                                                                                                      SHA1:1A7085771D7941540EC94A1BD24D7CC8EA556D4B
                                                                                                                                                                      SHA-256:0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
                                                                                                                                                                      SHA-512:5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....l...r...1...*...^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+*@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+*@..$..........?...........?.........@.......................}*E
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3009
                                                                                                                                                                      Entropy (8bit):7.493528353751471
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:aRCTf+0hagMrbAZMJShPdvF/5OzlQFlDF7npkDdWvVBTEnBLT6NrgCX0:D+0YgMrApL553JtEdEVcL2NcX
                                                                                                                                                                      MD5:D9BD80D40B458EDB2A318F639561579A
                                                                                                                                                                      SHA1:83BA01519F3C7C1525C2EA4C2D9B40F28B2F2E5E
                                                                                                                                                                      SHA-256:509A6945FACFB3DDC7BE6EE8B82797AD0C72DB5755486EE878125A959CC09B59
                                                                                                                                                                      SHA-512:C368499667028180A922DD015980C29865AEF4A890C83E87AE29F6A27DC323DD729E6FB1C34A2168A148E6A7A972F65A5FC8ACE6981AF1D4E7057D99681CB366
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666........_.........................................:.......................r.!12BQ...3Aaq.."CRb.....#4$c.S.....................................................1A............?..p..-.....u0$.......l......)..o.FTd..DG....... .t*e..jO..Z.U......r..j.O.,..VD./.....V5D.&......A..Zi....E.N....*..........#..M<|.2.Y.../QO.x.cTM4......+.F;V.x.de*....]e..O.x.c\Y........r..j.O.,..T...hw..k.^.[B..J.sEl.w.x.m.5%zzt0..T.......b..<\.3Q..W</..!.xh6..Z..\.+M.o.Y..1............#.........|.a.l.KR>..U......e....@...\.1Z...Y...[....F.6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....Uh....FkYm.m`P...W .V.g..FjVj.\..1Q6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):53259
                                                                                                                                                                      Entropy (8bit):7.651662052139301
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
                                                                                                                                                                      MD5:2EE369ABB7936F8C28FF0ABDD224EA05
                                                                                                                                                                      SHA1:FE9D304A7B49E31EAE439369ABC548E265149636
                                                                                                                                                                      SHA-256:FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
                                                                                                                                                                      SHA-512:5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}.*.a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{|>..MN=:....Q[..H....a........|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u...*.p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):84941
                                                                                                                                                                      Entropy (8bit):7.966881945560921
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:X3sWfhTVd+xu6rA6SOONM0/YFXnviDwoPCaNSm+z/ze/fWNj7GfigeKyCGzw+QKW:nsOhdDJOwY1voPCaom+z/zeHAfGihCG8
                                                                                                                                                                      MD5:CB84C108A76C2AFFCAC2551A3C1EAD56
                                                                                                                                                                      SHA1:8BB7C2A12B056C1ED12EBBAE5BC9F60CCE880FFE
                                                                                                                                                                      SHA-256:139BB0E79F89C3DDEF79B1716A5FBAB4C07DF5785FB3CDF6B4EEDDBF6C078452
                                                                                                                                                                      SHA-512:6EF85144E9A7ACD0FF2E52A5FF42093153EFB69127B1C8549EEBC49B6CC196A46B65EE39A2CAD0206F6A41476D8B5B35D29EAC9942B8F84972B32E14CAFEED27
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d....................................................................................!.1A.Qa..q...........".2..BRbr#.T.3C....S$.cs.D..4%5......................!1A..Qaq."2..BR....3...b#.r.C4.............?.......m.q..'O.....r......_.1....8h....?.....O]~..k......GO...''._...!....o........''..g..H?k.......1...?.....z......>...+0..................GO...''._.........}.O.Z|.L?...........?.........[~t.......}......NO.....v.......J.......?..g..H?k......GO,m..r}o.z.....}......dC.9?..g..H_..........?.....O]~...m...C?.z..f....W.=u.B..m..C.-?.a.....3._.?.......o....np.M....g..H_............9?..g..H...../..kO...''._...!~...o.....0.M....g..H.........../......O]~.~...o.......7..+.... ..l?.}........&....3._./....?.........W.=u.C..m..C.+?..o.W.=u.A.^.O....:......_.........}..t
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 50 x 556, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):977
                                                                                                                                                                      Entropy (8bit):7.231269197132181
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:6v/7QiFJaY/z+obuqFA4fypjQSbtBK+lcqNGSbb7XTJArRRzN5DjNRkPmu5cCbR2:x0QY7xbjy9pY0JPXLTWroeuCCbX0
                                                                                                                                                                      MD5:B7F74C18002A81A578A4EE60C407A8D3
                                                                                                                                                                      SHA1:70A7D4BB1B3ADF4397D168AD0D81B286F88EBDE0
                                                                                                                                                                      SHA-256:95F59A0433050180D4C0E8858B83363D51BEA6752A8B7CA516A8677854D8F5B6
                                                                                                                                                                      SHA-512:13186A7CDCE80BCA9D2238666D6D7A989FA1887EABFA5D8A9A63EEC304DFD4BE8EFF652205FA56E1D1CEE7D3680AF8C70A952AF73AB3C246400E8D4EBECBDBA9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...2...,........A....PLTE...................................................................................................................................................................................$.y.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^...0.D_.......cck.....%a...X.a0Y...-..!.G...[....(.r.H.$...1 .zq.4V.e|a.6.X..4..kl.%....=w....6..TN.....{.4..T/.z...../.....3..!~..t.#b..^.....E!.SFb ...-.....^...,..C.!.b...i._c...s.X.w.. lsQH..H.gKc@@...i. ....m...;Ci....@G.; V{..lO..\.R9e$..{.....P...E.+.2.0D.B,..P...56.?......K.6..TN....^z.4..T/.z...../.....3..!~..t.]b........E!.SFb ...-.....^...,..C.!.b...i._c..Y.O...?.9k2.M.?5 .n.P...,...d._..%M?....6....,.1..R.4.a.R.+..U.Q..P...vd..T........j .]@....."..lJ../.90.4...Y. ...9.%...{......Hc%.....i..%M?aG..H....o.q.......4.......X.d9.r..CI.O.5.Ri0?.s\b....w...>/k..4V.)Y....P...vd..T........j .]@....."..lJ../.90..2..MP..l..?....K.X.....IEND.B`.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):24268
                                                                                                                                                                      Entropy (8bit):6.946124661664625
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
                                                                                                                                                                      MD5:3CD906D179F59DDFA112510C7E996351
                                                                                                                                                                      SHA1:48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
                                                                                                                                                                      SHA-256:1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
                                                                                                                                                                      SHA-512:2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):59832
                                                                                                                                                                      Entropy (8bit):7.308211468398169
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                                                                                                                                      MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                                                                                                                                      SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                                                                                                                                      SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                                                                                                                                      SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):34299
                                                                                                                                                                      Entropy (8bit):7.247541176493898
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:BrSX4V3P8AIc4KLkHeXRUer0zrhOmXfvG0yH82I:tSXuIc4K2eBtswKsHg
                                                                                                                                                                      MD5:E9C52A7381075E4EBC59296F96C79399
                                                                                                                                                                      SHA1:BE295AD24D46E2420D7163642B658BF3234A27EA
                                                                                                                                                                      SHA-256:D56CEFE9EE2FAE72E31BDBA7DD2AA4426EA22E3CEB22EF68C8F63F9F24D5A8BC
                                                                                                                                                                      SHA-512:95CC96DD4459EBAE623176033BA204CCDC50681A768F8CBAE94C16927D140224E49D5197CAE669C83C77010C5C04C1346CF126BEF49DB686F636C5480342A77F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.......................................................................................!.1..A..Qaq......".#4.2r3.$.%...B.5U&6....Rb.Cs.7..cDTEFVf'...S..dtevw.u.........Gg.....................!1..AQ.aq.2....."#3.4....r..BRb$CS.D............?..5..............#....v.q.m.}\..{....;...r....h.....J..q|..'.;\..6..v......e...../.k..|.8..i..|..]..3e.m....n..Z.GS..n".y..w.-...[a...7A.....i.4.)9\..~C...=.........s..\V]c.D1<./.g.l.&v..~.h..]....zb>G..y:vNS.\......LU....t.{*..Z#.?..v-...wn.rR...P.....y\=.v....../..9_...m4...V.|.+.o.#.......xj....}..>.s.>C...m.[;.>.p...=^.i.X.(..1...{.F#N.W...xi.z...4..u[{...yO.....8..}\..2...KlX.nbya...2.&.F...R.b.k.7.GV.x.h.y\.Q..O<\>......-...=...r......\......Z.Z...Jf.'....z..Y.q>.p....o..K....h..R..c.lg?......A.Z...Y.q3.L|.'5...
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 88 x 574, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):19920
                                                                                                                                                                      Entropy (8bit):7.987696084459766
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:DRSgtAxJx7bzvAsVSqQElOT4uHmpmvNYT9aPU+QtsC2LgfIqJZnbeyRB:DsgaN7bzvAsVdK4uGQFUZ6bU/p3
                                                                                                                                                                      MD5:1BDAD9B3B6DE549162F9567697389E1C
                                                                                                                                                                      SHA1:5D9C09159F07A3A9BDCC6C4B9BD9CB72D0184E6F
                                                                                                                                                                      SHA-256:0908A4CFA23F93011176D47F45843E9CA2973030421996E8E27484781F54B0EC
                                                                                                                                                                      SHA-512:475040779AC247BB5C3E11862FB55FBDDFA12D759EE86A33E11BC1F3B656D6CD0F9B25146C0113E43E1D8001D8867D3BC3BF7E6FE21F3A0016CB1F8B70B7A15A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...X...>......y=h....PLTE..................................t........iw..............................................._n|...Tds...ky......................................................p~.....................................................dr.................v.............................................n{.......ap}..........x.....z...................u......................|..Vfu............r.....w........................................~...................Zjx...................................Yiw............w..|....................Xgv{.....y...........................jx..............\lz.........}..z.....t..[ky........u..y.....gu................................{..........}.....u....................~...........y....r.....bKGD....H....cmPPJCmp0712....H.s...JfIDATx^...\.W./.}....Sy...(..4....D.-.....H...% .$"D.Qr.......`..;...6...N......s...^...L.....Y{.GQU`..~...j....{...-Ax.K..&.....F..I\i..
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12824
                                                                                                                                                                      Entropy (8bit):7.974776104184905
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
                                                                                                                                                                      MD5:2628353534C5AD86CBFE57B6616D46DD
                                                                                                                                                                      SHA1:244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
                                                                                                                                                                      SHA-256:69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
                                                                                                                                                                      SHA-512:2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}*f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F*.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.|. ......EC..............1.\
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):40035
                                                                                                                                                                      Entropy (8bit):7.360144465307449
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:MQhziQo1RKGlyyzYjlxuxwRUj/BN837xRmwH2uDTCn8qXFQziN:ThzrSzalg6O563l4uTC8q1Ig
                                                                                                                                                                      MD5:B1DDD365D87605F96D72042CB56572F6
                                                                                                                                                                      SHA1:ADF71DAD1A62B8A58A657C2EDBDD665A19EB846B
                                                                                                                                                                      SHA-256:06E09DE80C3F32254DA4FE6B2CBAD7C05EF144DD54B8C65745E195BBF7317A2E
                                                                                                                                                                      SHA-512:9C686092CC9524F34EA6CEC9AAE936A6225BCC54DE38DE1786EBA8F532959A80FF885E8664A09E4C318D7CA4B278E807D3D1F135BE55F30979B844FF5EC9699A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!1....AQ.aq.....".3.5...2B#s.$%..Rr.CS4&6...bE'7.c.DTtU...d.eu...VFfv.Gw.....Wg......................!...1AQaq........"2..4..Rbr#3$...B.s5Cc.S%.D............?..^.f....R*.N{.{f.....O.r.V.;U..~...U.(..>M._.yI.{8,..^.t...s`...j.O..U5t.&&..h.G.6Da.;.....J.......E..QD...C...}..N...tR.....~..].J:.V$.*.r......]...W......4.[.)6..Y_.....4...........m._'HR.a......]U=.....n...0.W..]..K..){.+...w...f...<|..1/.|.....b..-..y....]U#Ctn.7m.._.|..2I;|....tM....q.q.}.N)....'...9&...nR...R..}.........m._.LZ}u.../K....9.~..?.{....V.#..dx.Zk.:=..:.j].....E#....E~w%....J..[S..[......gr...vb.r]..<..ut..i...[P.w....:..Gkn>......#..m...9km`......t).up.....w....VOR.{&.nQI..}...wD.7Ey#n....MO.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):67991
                                                                                                                                                                      Entropy (8bit):7.870481231782746
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:3PC0XJjsmsKuZRG1pXuZ6z3wARnV9AEnieCc7cllJcHJ:qyMBzkUZ0gq25c7Z
                                                                                                                                                                      MD5:1271B1905D18A40D79A5B9DB27EE97EA
                                                                                                                                                                      SHA1:9618608FBD7342DE6C71220A36C3F4995BA9C13E
                                                                                                                                                                      SHA-256:5B321A4D81BD499B289B1755F6450A42047C494DFBC112DBD56DA4CED2C15C1A
                                                                                                                                                                      SHA-512:C32DD26047F6B8AA061085B38AC2B8335868E1BFD8731DB65544309223A955FA4BF45B06AC8D244408658F51A1775B6F19FF0FFC804989DE706DE8EB36F1436F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1..AQa..q..".........2...BR#b.r.3...$.'...)..C%7gw..(.S.W89.......................!1.A.Qa.q".....2...#....B.t......rc.$%67Rb3s&'CUu.v....S.d5.V4T.e.............?...?..Wj.e.e.......w/..E..eOw_.....6......u..C6h.,..;.g.D8Z..-)O..jy..e;.u.g..w..[.L""k'w.......'1'.[......=..P...S.9a.V./O....q=8xk]...........9......F...e9'....9.O.... .&.....p......c.4...mr...?.......L..'.....0....+..|_...POM=7.?.2.a....};.Z..y./....>./.C.<...;.....|.1>...........S.8.o.O...+..n2...k../.X..9...Y...:.....\...Dk......q.K..\.Wuh.!Z?.mu...R.5.A.S.h.0..[..v..+M.....aUi*.k..?#..._...X..R.&]..[..;../]L..f..V......*.e...ut&.#.J.5....c%..o.$..v.<K.6..T.IP.....6X.*.uf..t0^..-.)m$.!.q(.j.f;..WB6.b.B..R.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 171 x 552, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):10056
                                                                                                                                                                      Entropy (8bit):7.956064700093514
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:edmu1fpj5DVHuooK4EpGLbAdT+dBXYBR8D1V2p6KwoPR6KUX9ojwRpgA:2Pp/B4LbAF+dBo/1E3S6JScpgA
                                                                                                                                                                      MD5:E1B57A8851177DD25DC05B50B904656A
                                                                                                                                                                      SHA1:96D2E31A325322F2720722973814D2CAED23D546
                                                                                                                                                                      SHA-256:2035407A0540E1C4F7934DB08BA4ADD750FCB9A62863DDD9553E7871C81A99E3
                                                                                                                                                                      SHA-512:BC7DC1201884E6DAFDC1F9D8E32656BFAEE0BB4905835E09B65299FE2D7C064B27EAA10B531F9BECF970C986E89A5FD8A0B83F508BBA34EB4E38B3F7F5FC623A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR.......(.....!..t....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................4.....bKGD....H....cmPPJCmp0712....H.s...#.IDATx^.w`......$..B....... ....fz5..6`l\.8...Nsz{.//y./....{.7}g.....e.....~.......s...f.....%c...6....O.PJ...Y.oi...9..'j.2..6.-
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):22203
                                                                                                                                                                      Entropy (8bit):6.977175130747846
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                                                                                                                                      MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                                                                                                                                      SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                                                                                                                                      SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                                                                                                                                      SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 39 x 579, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):515
                                                                                                                                                                      Entropy (8bit):6.740133870626016
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:6v/7su2/c30mqkg9VgFHe7Ll8UmJX/N+1Zmkk8f3lbtI4:4mc38gFHe18lkk8f3lbth
                                                                                                                                                                      MD5:E96BE30D892A5412CF262FEE652921CA
                                                                                                                                                                      SHA1:8190A0BFE21D04BC6F3A406E91B87CA69C03A2DE
                                                                                                                                                                      SHA-256:0E31DA4DFCFF4A36C64C1CE940362D2309769F36369E4C43C317D5F2FA15658E
                                                                                                                                                                      SHA-512:D647F51ABBD013226A6ADD0D551D058C633F867F9AF5A9E099B85D6E291D220F7B85958B07381CD4C7C4F72356DBAFE2A86932AE398E28C56CDDF0744E92EE24
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...'...C........b...`PLTE..................................................................................................bKGD....H....cmPPJCmp0712....H.s....9IDATx^..I..@.C..<..?mo.#C((.J}...~..B...b.I.i.\<.e.....(p.I.EO...q.x.......dRz....K..b0.:.<c.o..0.x\:...F....I&..ap....."P@....DO...q)p*..@Y.CL2)=......1.........4....._.G..^`..lDO...q...X....SL..z....K..#.L#..I6..ap.Ls.,....7&..ap.p..lI...,GO...q.....k.n1..4......3=.f.x.$..4.....o....x.$+..0.x\.,&6...............IEND.B`.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2695
                                                                                                                                                                      Entropy (8bit):7.434963358385164
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:N9YMsguOZgKAz2vcaQU4R8r4BU0/Rc4nbIQdsohw13ZmFLY6KsVvMdBL2mr:/hsEgNz2v5T/rQC67SoWniHK4EdBH
                                                                                                                                                                      MD5:B23DE98D5B4AFC269ED7EBFDDECE9716
                                                                                                                                                                      SHA1:10AF507A8079293A9AE0E3B96CF63A949B4588AA
                                                                                                                                                                      SHA-256:646586CB71742A2369A529876B41AF6A472C35CC508D1AE5D8395D55784814F2
                                                                                                                                                                      SHA-512:BBACBE205EC0A4F4E3AB7E2B1DEE36FCF087DDF77C7D18B53AEA4B15984A47C64E19F9B8D8FA568620619CEA0361D94FE7ABEA6E502EC6ECAEFE957F42ED7EE8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......M....".......................................,.......................1....!ABQRq.2a."CbS.......................................................Qa1A............?....{............i........l..-D.q.~..|cS.S...R\..d.8,!.....]f$....Q..di.;~5......vj......MqCe..=.*.f^..=.}.Cm]qCd..s=..u.e..v..t'.,.....S.s..N...>.d4'.,..k...N...d..9....G...y....6J.Y.l.{Vf...^B..i.3.z....:5W#4@.S\fj.%..Mb.5.v.5......S.E..#.v.I.....I......m..H....D..|.Y|...W.Wf..o..U.0.E..@.T.....................................'.S../...Z......!J..1K..rI...T.f.>.+.N..o.....\..^u........e..q.qK.GXP..-...F8".;5J...]Y......j.a.,R.......J.N........z}<qu..J.)`.}X:..}.............B...[. ......,B.).b.......(Y.O....c\.o.e&.W.#Bo..N|..N8.#J.>1D.1..b.&....q.#..UT%,.d.....m&..^...VXA..b.nbTV~.....^........q..#./.I..=Q..=..Y.*.Ib...VZ+......Y.........'.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):25622
                                                                                                                                                                      Entropy (8bit):7.058784902089801
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
                                                                                                                                                                      MD5:F8CCFC24DEB1D991EBE085E1B2D7D9BF
                                                                                                                                                                      SHA1:AF76C22A765434AEDA134924C517C84107F4FED5
                                                                                                                                                                      SHA-256:7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
                                                                                                                                                                      SHA-512:818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q*.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..|..n.....6.*...f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf..*....z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.)*.e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):59832
                                                                                                                                                                      Entropy (8bit):7.308211468398169
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
                                                                                                                                                                      MD5:DCDD543A4E0BA2C1909BA095D46FFBCB
                                                                                                                                                                      SHA1:B86C89537138FE07255354202D3EAD0B53B3C54D
                                                                                                                                                                      SHA-256:28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
                                                                                                                                                                      SHA-512:5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):40884
                                                                                                                                                                      Entropy (8bit):7.545929039957292
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                                                                                                                                      MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                                                                                                                                      SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                                                                                                                                      SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                                                                                                                                      SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2268
                                                                                                                                                                      Entropy (8bit):7.384274251000273
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:N9YMn9H5gXlM26vroVXWxyNnl1LmLR+rn4FOeewGhDbby:/h9SlMdgm09ll8R2/rby
                                                                                                                                                                      MD5:09A7AE94AA8E517298A9618A13D6E0E2
                                                                                                                                                                      SHA1:FA5181A7414BA32F816BF0C4278EC20C615E8B1A
                                                                                                                                                                      SHA-256:3C68C7EE798E62A4A99C740153F3980D7DF029605C843410942C7F85E794823B
                                                                                                                                                                      SHA-512:074E9A2BE2039D0AFEAD360157550B934FABD0CB86B5AF476C1FBC885EE60331F5A68EAF70BF76E23C8248A20FB900346839F4AA8892370B5889E64948DCC6E2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222........i..".......................................3......................!.A..1Q."q.2BRa.b...#$................................... .......................!12AqQ.............?..D.z.4....;.....7...3.t<!..d.O.....+O+.;.z6.4cz7E.........U.Z)-..@..y...........}(W...<.xv/...5.ew......yN....n.Tk.Tm.Ty.vA=...T..U....h...e.8.5%....'......e^......L.g.$.~e..O.._...... .F`.....xnL.<.......]jfv...}..\G..c.......-%...#.C.|.].`..^..W..c..B..5D.QSTaZ.5A=....BU..z%.4.h.6..=..U...W.$..l...7.:...........IPQT_...~..i..x....~.l.|.n.J..TV.21.Tg.....................j.z!+.-............"j.j...)*..TT...."....T.Tc.**j..............j.z!*.h...&.&.&..e.%..TksTW%G.?".l+$..c._9..[x...TU..........i~X..#'.qm?ttO.....}*.i...q.....9..r..?..W..d.w...f;..q...tZh..0.....2.......OD%Q-.......$......56.K.O...y._..*_C.k..p9.p..O..vu...'........0v
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):65589
                                                                                                                                                                      Entropy (8bit):7.960181939300061
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:2Hlrjw3xL//DPgff+9j6yPWvHMHjkbfnwHO3AW3GL:2H2zDUU+yPVHITwNfL
                                                                                                                                                                      MD5:8B48DA9F89264D14B83FF9969F869577
                                                                                                                                                                      SHA1:E1BD58E2D80FEEF56DC514F3F0B3AB9669F22F95
                                                                                                                                                                      SHA-256:62AD3C277E54F03F1ADB44062407346F789E63859B7AFABFD64BE6AF5E9F66EC
                                                                                                                                                                      SHA-512:03B783EC968DF3F648504D068D64DD1AE110E28110FE5B3401C9D04F44897DBE0CBB5680D42CA4C665FA94A6CED4B559106EB3C06C9BF2C5B14951ECBFFAC8AE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR.......{.....;Za.....sBIT....|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..Y=.+I....t.y...,^vv....;. "|. .i7.....$.2g..']pH@p..]b....H.H.......d'@ B...U.xm..3{3k?..5n.._}U...3......~..>...g.....f..t...t:...p>..Si..d:..k:.Lf..t6.K.i....d<...x.8\.8.+lc...)i.$.r.....x.t.BG.R.cm.c...p.:&.6.4..K.......^...~b].0....oBYv..u.'.=.K.Q.g)6.....4.!.M......4.=....G.%.Sr........nxC.F..t.U........1...J.t..eQ....".... |...81.$D.!.>...........$...^.vY..EY8tb..'.P.g#O....S*..0'.V....x.W..........k.......s.C.S...J%.iVb..].........3....j.}*.z....+.s..@..K.....\x.C..e.Qq.....;N.....;....,....^.*..$F..{G...8.#....8'..&....8..5.....3(P._....S......|".....u.cr....+a-....&V..x...iI-<|a.{E.c.X.......?..&.C....'........(.x....>...M.?.9..#X......l...0...Z.F..<.z.0}Q..Z1..........?h..`E$K.2o.A*c^.......*..D..uL=.}.#*0.. M!.A.C......|_..(.Y........!E... .O...`;....M+..x.u~g...q>...N."D^..K..x..D.`.!.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):22203
                                                                                                                                                                      Entropy (8bit):6.977175130747846
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
                                                                                                                                                                      MD5:2D3128554F6286809B2C8E99DE5FD3F6
                                                                                                                                                                      SHA1:FC42CB04151D36F448093BDEFE33031A9B8D797D
                                                                                                                                                                      SHA-256:14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
                                                                                                                                                                      SHA-512:D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....XExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&...........*.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):242903
                                                                                                                                                                      Entropy (8bit):7.944495275553473
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:YVxOYlZX2kCWfYoFMXC/sBFC9r+4iEGM4rrcPoWmwkU6FJ:+OwZ2kbFMC/L99ifvokU6/
                                                                                                                                                                      MD5:C594A4AA7234EF91E6C2714CFE1410F1
                                                                                                                                                                      SHA1:C0F720D4CE3196852814D0B7347F0CAA0C6FD526
                                                                                                                                                                      SHA-256:10C833E47BE1C8496F949A6B059C2D79212A4DD66BDE62116EA337FA4FE0B654
                                                                                                                                                                      SHA-512:7313F6545A334F9E2DE5430B2DB5C419C4C8A40E075338DAFCD74970BCC6309786946E5DFB57531612BF4C6269495655706D920FD99922FDACFF9796710DA9C0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:10:32.............................R.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...v&.F;-v;}FH..Z...N..)Y.......h;C....G.0W..ww...MI..Z+..\.........c..4.1.~.Yo.Y6.&. q...............l.A#.~s?yYg..7ky...r
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):40884
                                                                                                                                                                      Entropy (8bit):7.545929039957292
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
                                                                                                                                                                      MD5:7379775A1E2AB7FAB95CFFCE01AE05F3
                                                                                                                                                                      SHA1:3D3DDFD8AC7E07203561BAE423D66F0806833AB3
                                                                                                                                                                      SHA-256:9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
                                                                                                                                                                      SHA-512:4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):14177
                                                                                                                                                                      Entropy (8bit):5.705782002886174
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
                                                                                                                                                                      MD5:7CDCE7EEBF795998DA6CAC11D363291C
                                                                                                                                                                      SHA1:183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
                                                                                                                                                                      SHA-256:DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
                                                                                                                                                                      SHA-512:560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E|....,iOyD|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):109698
                                                                                                                                                                      Entropy (8bit):7.954100577911302
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:rDlmvIWr0aRtNCfShCWBxyCHMlcVG0Ezy4FR:rDliIfot8ahCWBcCHDVwR
                                                                                                                                                                      MD5:8D804A60E86627383BED6280ED62F1CF
                                                                                                                                                                      SHA1:E23FF14B10AD0762DD67FBA3CD6EFC85647C0384
                                                                                                                                                                      SHA-256:494547E566FB7A63DD429EB0699FE41AA8998F8EA2F758D813FE3D56C3075719
                                                                                                                                                                      SHA-512:0FB19F3D00159F2748C3A54E952E551B9FEA6910D67A54DECA8D099992E50383EADB92768FF1F75CFFAE82A7A157B1E0F77A2F0BE7EC64FD2324304FDCA46577
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...............................................................................................!"#.123..AQB$..aq.RCS...b..c4%..rs..D&....5E6'..TdUte...u.....FV...7.......................!"..1A2B..QaqR.#.br3.........C%...$5.....c4U..Eeu&SsD.6T..................?.....O.C.....^..R<A.g...[....3.....r.0.....nX.S....}...[.?Z.....A.?..~~I..rY|N.o...9......!...o7r../-.y...'5.3.U.s".-.0.1......SS...&.Q.j.*.$m.e..:x....`}...EP.?.7..~G(so.......O.....z.N..<....~^a.e...........p9.?<._..|......~.<@.D.9..G..?.?z.y?z.C.U.w..[.,..A.+........s......g...G.^....pz.xY.....d8.y.X...P..O(A.O..~:._.......<...o..4s..^.^b..x......_a.....|{c...:..X.....}.._...[?..NK.c...}.<......H.G....+x.Z..|....n...o....`.nk.#.%x......-|...|7......N!=././..w.8x.".8....'x........w...,>....j[w8a..}..lS..?.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):136726
                                                                                                                                                                      Entropy (8bit):7.973487854173386
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:SIXmy5Tl704vW2ZKkvV8UU0ZWUF0BJwySIdgz816YzDc1+opecYPn:Sny5Tl704fZFV8UU6LGXwyS4xohpQPn
                                                                                                                                                                      MD5:4A2472AC2A9434E35701362D1C56EDDF
                                                                                                                                                                      SHA1:16FA2EA2D2808D75445896E03B67A93000EEDDD8
                                                                                                                                                                      SHA-256:505F731CB7707EFAB2EB06685B392DC7E59265A40B55AAE43E5DC15C0A86CBA4
                                                                                                                                                                      SHA-512:5E28D8FB2AC62ED270968072A30013334461F7CAE96058AF9EAA6E10912989DC47112D2133892BF61F7A516B77C6FF71BA2A000B750A9F95C787E538B09595C2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQaq".....2B....R#..b3...r...C$...X.....Sc...9.%'.(Hs4Dgw..T..5GW.x.)......................!.1..AQa"2.q.......B..#c........b6.Rr.3s$.&..S...C4.%5............?.........(......(......(......(......(......(......(......(.G/.GE&...)..P.x..B.({i2Y;.z?G...Yfc.)H..^....#.....}3..Sc^.H..+...M.a.P.....GS.....H_.3..<....1f........1.<.\..nn-..s.s.\9Y....=.......S.0.......N..cA..Io..r.3..........ay.....K.....,.;9..Q......xO.Fa.2..>........{4k.....|....?U....3.8..._/3....#.. t.y......yY.......e.<........#.....B.....Z.%.Y..S.ye.W4...l.......X...%.@y}>....l.yi..D..W......L..._D.Q....)...E....n.%...*..K.4#.8`..I....h..h.o..I......-...hB...3..u.(5..........n...,.@....a.t.9.....@.s.>.&...@
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 40 x 650, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):647
                                                                                                                                                                      Entropy (8bit):6.854433034679255
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:6v/71rwqZMXVs99W1YvpLp/Fvl+f43ocLtuplb+CrGotLRd:+wqWXVs99rpLpNvr3pIx3b
                                                                                                                                                                      MD5:DD876AA103BEC3AC83C769D768AD39FB
                                                                                                                                                                      SHA1:1833603AA9B6A7E53F9AD8A336F96CCE33088234
                                                                                                                                                                      SHA-256:1262DD23AD54E935CFA10FEB1BE56648E43BEF1116696CA71D87E6E033B1CA7D
                                                                                                                                                                      SHA-512:946DB2277213104A3B29EC4388578B05027B974A3093B4CCAD8847397AA51AE308BC6A199E5705E1F901D6E4B1BA34D8DECFD6E5B6685184A307D749D7CFAEDD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR...(.........xk....`PLTE.........................................................................................>.S.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.)..1..7w....6.*.H`T6.ha.k.............b!....Ba..C..P.4K..@.....h.E..X....PX+.P.-.....@@"...o.O4....xZ<...B...B..,A..y.s<......b!....Ba..C..0_p. .......=..,...i. ...=.j..N...........{4+...xZ<...B....|.....$.K<.vyE..X....PX+.P.-.:... .'p......\,...i. ...=.j........K.....%J..S+.....q..k.H.@DD.s...:..J.K.DDL.\.@`,.DD.:.(]..N....KD....A M.....F..S+.....1.sq........\.t..;..../...~k...4.DD.:..]..N....KD........@DD.s...:..J.K..[...Q....V......IEND.B`.
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:PNG image data, 176 x 513, 8-bit colormap, non-interlaced
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):11043
                                                                                                                                                                      Entropy (8bit):7.96811228801767
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:YyroOCsBI9pkCFsHHX2RE6VOlPuIqmBtJNBfAr+ADP1IATaNeTyZ4GF+WQQ6Qwq2:BUOCsB2kCGH32RiPDtDBfArPDP1I/eyM
                                                                                                                                                                      MD5:8E9AB9C28B155A66BC5C0DA5E2A4EFB5
                                                                                                                                                                      SHA1:972E61F162D48F1CEE21963ECBB2FE439105DB55
                                                                                                                                                                      SHA-256:B243A24FA13BC8523450E22F408F9EFF15301C938F8CA52A57018B58CE6785DE
                                                                                                                                                                      SHA-512:12062D69E676B3B34AFCEF25AC17B40294282D5BAB6C0110680293D7CC96EC17EBCFE104C284E64A30EE3C483E319E9C37C03F6EE82C79632180E45C7A684E8C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.PNG........IHDR..............`....`PLTE............................................................................................... .......bKGD....H....cmPPJCmp0712....H.s...*YIDATx^.]...,.N.8.i......0..e..y.......8.6....Fo.........=...F..._..........O..{..............3.|.L.|.............>.....v..n.1J...k...."....7........J._.5LQ`..k...._Z.W.x:..k...g..._.....u<.Q{...1...q6.cs...l............30.g...< W...a.5..>O....9}..c..........s|I.).>.fo4.<q......>...c.:.u..co.#.7,.O..G./.K.|..q.p...(.(....iH.......m..+.7...../..{W.l....b....?.`^.q.9L&.>.hN2`1..m...]$.0J....rBy......{.._...G....;.r.Q..;..,...9..F...t;.+..2.Ub......V...8.k..5.........'[..s.H..).......%j._.&.....BN..V..q...T...#..........0.E&.o7....$..m..8g.f._$..k.8...5......HgQ...L..\.........)B.I.r.(..8.a..$N.9.=..o..Q..(.e.a..O.....c.= .......$0..X.S,..(p......$..l.c.I...=."......g....^..#~,&.a9iK..ZNE`...pFJ.@Wd?.<..Bt.E.......e...i.%d...}.!..B......9.........B}.....5...;..hL.D.....4z.....|.)
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2266
                                                                                                                                                                      Entropy (8bit):5.563021222358941
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:TuRCTP9rSTfIEe1HbcVY1YbDXq8eCI0bf2QQe0GVDQAzZw:aRCTN7HbcW1YbDXq+I07Ien0AVw
                                                                                                                                                                      MD5:DB8A181E3F0EAD4A9472099E42ED6BE3
                                                                                                                                                                      SHA1:92096AF05CC6167B1AA816811A1160B809393FA2
                                                                                                                                                                      SHA-256:E9746B4E9AE9CE7B3B0068779DB3E113E2DFC9880F25373D745D0E700E69A906
                                                                                                                                                                      SHA-512:A9E246E10E28D057090BA9F034ECE6131780D7F794C5C9421523388997C7EDFBB49BC32B863B6C6668911B359C304AA54969B48CB9234950D5CECD2A6F3EFFF8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666......r...........................................5.......................!1AQ..2a...."Rq..#3BSr..C..................................................................?...X.....U...j...F.W.V]'KV.uWt.iT...{.......`.(.....V%..=.....z......V..ct+.U.B...@.............................................{.....5.........0...x4....c..;...........+......|.7E.%.9.1+}..d.........+.V#.P.HUL.E...g.li...8.>U.";0pi.]5.\..zo..."@.........................................y.6.mLN..S.....@...i..A..p.......~|V9.+.Xy.........+,L.....7Z7..p...-X...\.....:-...i....v.1...-..H....9.zk....l....^.......:.."^.t.Q.F...X..B..$............................................a.%f&3..1.5+.X..'b7bwr.).e.x....!...H...aa_..kD...b..g..p..K^.k..qX.[,.........Q...U..x...YMvj...w..:k.....j.W.8..4....c.u.}m.....o.=@.......j.S.t.|.....5h.y.%.~...G
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):95763
                                                                                                                                                                      Entropy (8bit):7.931689087616878
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:EoES7mhTyzabUaE77xAOmq0zVruQlttNxlipxVWssMU2YhRy2v6pKKYhQzwMc2:zz7mhTyzabUa4b4xuQlttnlGx8x9h02M
                                                                                                                                                                      MD5:177DD42CA99CAA2CCBF2974221680334
                                                                                                                                                                      SHA1:35FD86B3DD082A6D4930C67BC0E05D3B5817465A
                                                                                                                                                                      SHA-256:525A857D0EDA855A64D3619DF58B1C2D013A73E60FA0D49B155ECFCB2C134C7C
                                                                                                                                                                      SHA-512:6FB6D9A6C97B1115C3246690A2F339CD612899AC25ACBA00296EAEAA0A1D094E7339D670969764FE23EB7C08FCDD01C6F78FBC0735D504D5E02AD342901719B3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!..1AQa...q......."...2..B#Rb3..r$...6..C4....Ss%5...tu.c..Dd.EU7....................!.1.AQ..aq......"r..2...4Rb#3$B.Ss............?..H..dV....U..-..0]Cp.%O.Z.Y.e.=/.q.....j76.w@s...5.&&&5...n..w..>.1....;.vR..[.......=.......KtY]u3.g18...).r....&.IZ'.....g..4kY..X..b.......y<...r1........e.._...X...w....op.m%Jr31...S.Vo.._....OI\]....F..V-....\...2j..X.....y.p.$4.....&#..]..n.V..x..P...F..C.f....])..~..Z\.....,..#..v..v...2V.k.SuaydO../[.*c._..oTV<Z.s.[...o.x..>....-....v...#....-.X..L.Z./#.XG.-.0......%w..H.@aZ....C.}...N~.;..R......5.D......I.... .R........s.>..ks....(...S...9....2=. :^.. p.+?(....$..Q..I.........=|..`2. v..t......U*.8.u.. ...'...*...2;u....& 3..$.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):256
                                                                                                                                                                      Entropy (8bit):7.217563427641414
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:KuwU3eZDrECpLwCBYmgoXnLYgko2WEKqFCKZRQeEClVMn:KuHEDICpLwC+mganioTE5ActLlVM
                                                                                                                                                                      MD5:8A701B0C8769C3FB9984CC67B9B61AAC
                                                                                                                                                                      SHA1:D2CFBDF063766A4CCBBA510D319064104734F23E
                                                                                                                                                                      SHA-256:B825939BE99AF9D1189D1A886E581763C2E8C4E55495FFF33456569A9ECD1A13
                                                                                                                                                                      SHA-512:DC283C10318A418727ADA269936045B3B05F0015C67A9779D6D6643B932772D6F07CE8B1C9A26340B598DE2815706A4667B603D6F50FC31668D23187253B16CF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.=M..Y[..]Z1..f.7.<O..#.0.....Y...\....y5.i.../~..qw.t`"5.....Lt......WV.<...G._..V.....Zf.n..'i..T..n.<..I...*/^[.d.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):266
                                                                                                                                                                      Entropy (8bit):7.181813027451938
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:pdq50ZKtkTsRHZ5NMhjj1FyOlpmgoXnLYgko2WEKqFCKZRQeEClVMn:pM5FRHZbM5jiOlIganioTE5ActLlVM
                                                                                                                                                                      MD5:CCF24F1BAEF64716DB5360D70C737584
                                                                                                                                                                      SHA1:9D1F16EDA9559B0308B4CA949EB9F4438CC73E4D
                                                                                                                                                                      SHA-256:02802873A650A8C722E85B111765EFD497AEF84127B8A97BC99E89F60794A019
                                                                                                                                                                      SHA-512:8A4074CA72C5973DCAB8C83929B2ABB7B0264B6AF75F0781C92416F928310C9E97F892E63AE968E4D38596CB808905573293FD8C646EBF9904C079698D0D9053
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:?.....aJ.n....PN...j...#.0.....]...P.....;. ...5~..#w.t`".0(;;../%Q...)Ls4.S>. ...q0.^P....b1..b-.6.1.......SG'..9....}...+:Gzl.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):67083
                                                                                                                                                                      Entropy (8bit):7.996550800655545
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:0QUhBsP119flNOQc0r0aMMHGYsNjGUdjJA8SBFBPf:03QVtljRXANjGUdXsFBf
                                                                                                                                                                      MD5:A25794C3DE919ECFD587E6FFB8CF1B44
                                                                                                                                                                      SHA1:A77C02D8BE937B7D5D86C81CD4ABE2F20336392D
                                                                                                                                                                      SHA-256:FA21371F4ECFFD4693F6893C1868FE203169E0E6C9A0E69A92EF99642D7665D9
                                                                                                                                                                      SHA-512:43D4A21CE1AB9D39C358FB28F742F075DC1D33C3ABF706DBAD303C8A992AB55A1CAC6848C66C37456E175A2B47B3CBCD5FDDD8EDE462495A5A8868449FE5EA8A
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.*J.cbs..9Y....|....9...N...H$...\K.7.*..7.w.)f..X../......n...Mh.WY..8....b.....O.+.S..6....r)....so..'.x.{y.D.4..i......."e..X9...M....Z.{.I.....'9.75.c-2...*....<.I*.G..G.q.25........./.fs.../s..e.......T.N....H.D.".....oCv...~P...;A..%..U.hK&.q.U@z.._..S\;.``..".=.>F.v{.e."......%....:....~..3..D....>....B.71;.A..c..v.H!rJ.>.t...+..|?.uY_..........U^...^.>.H......Y6J!.;.l4.W.f..`..3.!..E7.EA~.CNq[#D..q.............$..C..+(.1<.......2.4I..Xe...?EJK9X.3X.}..5.G|.n...D.\.R..i.S2...Y..).T....O....Z.rE..1J......t..#3..+,T.-...P.y.8@....W.| ....Q....4....m..O:I.\...(...Ft&.E.%...q.f/.....q). ....(f.....4.[..w.s........2.a"./..0!L...A.o091.d/@.....y...=....0..L.?..<.H..PP....^Si*w.#......F....".z.g..rI.bSK.N.P:.....KJ.=..^......[`*..@...9......].B.....D9.=.$s.!n.S........i7.WLP.am7$"..:......{......"...A...3chL.....h~.T.F....d....?..4.....|....{x.A...mbYz.v.v...............1...h..Z..b....R.)K....R.hd.*....~.Bu...5D..p........l.....E.....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1017
                                                                                                                                                                      Entropy (8bit):7.8079280371602096
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:zUMOcNwj6FZiUr7rthOAOXKgcMVkloSttpVM:HVMQ/7rlOXKEetre
                                                                                                                                                                      MD5:D14F820CC154759B92FD2CCC835318E6
                                                                                                                                                                      SHA1:0B167A4DA4B7358D436DC6FCFDC531FE17174CCB
                                                                                                                                                                      SHA-256:4040273263AAB78AA5016044E6C516384758CF53719C4C1AE095A8E839983BFE
                                                                                                                                                                      SHA-512:7519B1EBA6B2614D3DF728924F8A027C51275572D1798F01D3680F6AA723054EB3714ACE83A534E5401B414C872BD7BED9B849EFFABC3F2EF418448C7F8BD6A9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..)....#..Cw..w..vc}.....a]0.]v.@..+.........o.VZJ.4....R..M...n..W.`o..M.........M..oM-..2.0=..;z.....H...3L.....e........O...........y.!f.w.i....^....A..@..Q..W...".....x].4.>.1>.F....'..h........2.....z.Z..x..A1B.J..q.............-...F.Q.K.O..K.+h<..M..1..\3/.v..L..S6-..c..hAt77M./....)f..`...+6..2?..[ux.#.M8!.}..=O._..!.P.).P.....z......:.......9.T&..5.....V..iJ.Me...=F.>.q/.(.:!..J.U.F..V1-"....R.....*..q&\..@cr.....U.....7.d.....#..[3c.:{,8J.TD.....E.*..;.....lD.x...-S..>s...s.)x.z..`..p..IS........p....L..E5I/...$..v...g.-..(..}....m..]...k.]...Y.Q$..$..'..t"y.D+./.YG..2.V..h..8..a..4..T.k...Y.0@.....@T r%.t.o.l.....@Y...Tc}.n.?%...`o[P.K..R...t..mm.cm..&.=p..%.-...m..A.2.M.UA.g..`...[..k..DU.@.....K}...I.:*......X6.....#..KT..../.{..$3.TQ...D'`S.8.F..w...c.]..A..Q...JB...0.D......N.. ..5?..Ql...)A..h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):10483
                                                                                                                                                                      Entropy (8bit):7.979808238162087
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:XKoEgGcTwDh71ifTp0jpsevy4xC/BUFGyNWp+NdaK4HgF0cr6PO1:7Cc8/ITp0hKWC/fq9KgFh62
                                                                                                                                                                      MD5:FB535C86ED41915EEA3A5A21F2FE20FA
                                                                                                                                                                      SHA1:0FD83DED85712FA2778862EB6EFB2BC9FD2125AE
                                                                                                                                                                      SHA-256:B437B28DA40E46D8E60B3233527BB8C7F169992891C460E8641267629F18F836
                                                                                                                                                                      SHA-512:1FDEE2E0BBC8530A9EA99AE6C2F9AA2A3317AB8A3C2E2AACC56EC9CAE762E2E9D1DE877646A9915057195AAE80281A881D6574DE8A5C73B96A3B678565A9FFEF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:^..6......>k..M+7..4.;.o...C..2..9.>.@......8:..y.....#.Q.K..N...M.H.w..J..$..j..J.P.. [@4... x..$...../m...8.W#.g..!...x..J.S.OX.%U&cl..(....Y.8...&.....\..R2K."...\....../.^.O.\....)..zb.......t.x.m[?....z.8...|)3..s.p0..h...dm./+n...x^..?K..%=xfZZ..mM....8.R.....}...+....z.p.bJ.4.j[.(^..T. ..}...8....Z...A..>.AKn.b.n...3.....S.........p..z\B..w..r.4C.].B..._n...V..[.>..7.._S b.w../...~.#jE...~y.zt"!.....kZb....o...0xd..B.gm.I..~......9.I.......|...6.....1J .....@....].*F..z.&y.*L4.-.oE.D....<^.JSJl...}'|..[..iL.#..O.....b..$.r,....!.g.1.93]...ae.X.?@...c.fP.....<\n..q?J:.w.....1.b..65/.CKX...^r.9R.ohN..+..@.C../....OM.}..%..dSv0.m..q.2.77.}...[*T..J!.,h.|}.W......_...R...1.J.>5.z..h...........i...{Cv...V.i..A.2....q.t..R..c...C+..\S7.7.!E.%@.[...f.TV.fM;.T.b..W(7....Y...d@....Ek.v.>J.5..0...;.~..E....C[.Et..Ib..4.....O`..f...bt....z......+.....Iu....R......j.r....d..y. ...P..Z..(,...S.Fs....t\.......<.+.z..Hm....>..=...;....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):24396
                                                                                                                                                                      Entropy (8bit):7.992953352495218
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:384:YtVALKWdKzmELF7f9PqOnu5sVkyRxO243PAyaBQgZdCYx/3Ao1IIT:Yta/dK6yNc5sWyr43YnBjzzT
                                                                                                                                                                      MD5:09CAC10B8275F778F1E0B182B944ED86
                                                                                                                                                                      SHA1:164C3727581B0F1F40780F1F407409ACE44BC6B6
                                                                                                                                                                      SHA-256:5BFC51FE5EF03B9A261D584C02ABA0A8D13970EFB39C5526479FDF4ACD06D2EF
                                                                                                                                                                      SHA-512:7182E379E45C1A5913CCC047155A3CFC6EDEF43D9F3B915BC95130A354052B587B9B34DA1A74303340F3B25FEE1E3846F2404175AAA427108A05DB402D881276
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:p...3..O.......*....Y.......[.:...K...L...B.uB....U.@J..ED]N.y*.|.ss.....4...........d.$4.;.Z.]z(_.f..U9.v....~.;..W.\|....aK7X.|......jI....:}.G..)..v.j.3.......].......D.2....1c.[i.....-..s.......&qkH...s...v..+_..R........>+gt.U..w..M....(7.(..~...a.I.x..:\&n.....S...(..e0Cj..T....../.r...\..-.(...!.Ye.QC..C.9...N...HIn..h..@..........m..y..FD.*....S1|37d..;..^..X.R&._.......k...L....l].M..W.'...7.P.GOT..V.i.I&[.K&;^..............fJ.i..T...b..'..8..#.B...#l.I.bl...R..F}..uf.Z.(%...mg@'|..*a......O.C....r;y..@<...P.d....Y.b.>...SJ(S.,...k.]...G......X(...E=.9.........PR.|.tfZ+...w.zT|.............o..}.........Eu.....Zd$o..&.7D........Ks..6..cKY.8.j.x...K.F...........^..3<..( .G.;..~...&.S!)...@....7c..$k.1..Xk...4...[.G/t...K\.lw..h;`.NZGS..6x..-a+^.....6..xn...N....'.1.F.>..U...H.>6.E'.K.<?..qK........I...y..r.T.nZ.n.4..f..F.h........_.Y>..=.cV"..<r.n>I,.*..WU......7.......tT...R.6...8^:/...t'h'....*H ....C.U..0.|..=...@..M..$
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):509
                                                                                                                                                                      Entropy (8bit):7.560133347290118
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:i+3Bavs0VB9T7vCrtE5E+zm2ZaO4Oj5wEfx74ganioTE5ActLlVM:i+MTLTjCya+mKZ5w2x7tloSttpVM
                                                                                                                                                                      MD5:FCA26D15CDF89760F749A1FAADFE41C4
                                                                                                                                                                      SHA1:45D7B9124B855D01618D4259AB8F35EBFE0FB334
                                                                                                                                                                      SHA-256:D70E92B49BE8E598D8F4802C28ABD467E5432B288DCA654D5FE6EC8E94CC2557
                                                                                                                                                                      SHA-512:C5F58F66480DBAF7FA2125C87D3D82076A934FDC2336D57A7C5844B1E7381C62005B4F1981411BF32A3DA152CE59B5FD5E879206DAD82BE14C2B6E5A510FCEEC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.R. (.c..C.._^.....3..|\......4I[.`.._.....3......C@.......0......{..Q12....$.>0.......h.F$.....X 0W.M.XU..Lc......?......(t..e.9=.Njo..k..t^.v..m....(..SJ..v..N...F...o}+C..)W .I..k.>....!.%....;5..5:b.<p.....9.l..O.X.3}Fc4..Sq...l.l.?.6.........K..3..x0kK,.........1...:.......I..-...qw.&`".0(88.......,...>.....yL.!..~.0..C.../A+T..">..x..%........>.....Y...]*.`o.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):14703
                                                                                                                                                                      Entropy (8bit):7.988186016241759
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:ddPGR9XX/8/QKzQgnn9S3Mntzp41NjexPPqSXgdddpeXAXLiPpi1A+55QO3lwuZa:iRENnnoKCPePqCC3uw1A+5ZYwQtjsA7
                                                                                                                                                                      MD5:48121F79293031EFC142E73847E89272
                                                                                                                                                                      SHA1:CEFE6AA0E5F8512707E6589F1A23C816BB62E32B
                                                                                                                                                                      SHA-256:618BF537745E655E90CA45005451C643601715CED9851A7CE293E585FC5DE3C3
                                                                                                                                                                      SHA-512:7BF0FF9A24593EE1B705BB60BCC5DD4DEC2C52BC27D2B6A2FAE1D453E687FC0C0E39225A3298B6CCE296DEFB0DD552652880CC6BCAFD7521D08EFA505005E8F2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:\..JL.Q...FW....0....|.....q3W.Y...Jr......l!.....~1.Z'l...x&2.x...........u....p.9<.Cv_\.D..p.....].J....o\".~.vF.b....w..,......_...T..).V....>4.8.T.^.........X..D......=....NcIr....c..-^lz.P.`P.v.E.DF.&.f..F3...../oBl.vKo..../::....QMk...%.=._..*(.Y.........p..(.k.....UP.G....doh.4..'VK....f.k./.|. @.n^..1......i......lVx.$jO1#.\.x8'.....".VP.Ey~...&..../...%.......^^Q.Xl.K..J.C.Nh.]......W`..;..V.J1...|.*...q.r..P./..l..`!.jh.2.h...|..r]./@..Aoc.V..... .J...;....4{L.Jn#..[z...Xx......#I7|X.F....!.....{.]...3cK.....\.......e.'..*i...\D.5....e..x:.....ju.n.[a.C....99A....~dm\^t..%.mEE..Pp9..!A36h.`IM......C.b..t.Mi$"..!.....#.w..X>v.......P(.-..h.......c`h..}..T....!8...@....4.,K...2.H.m....y@S.....@.s!.....!{L.K.....).+.C.*.o.5xi._K...c\..?..........-t.AY.`..+...4......${.@Ii.... .,...H..*|....S...~.5Tz....<D..7........;...'GSn.gU.5....... .....%.....!...<(`AZCG{....g}C......k...j.z^....P.K0.2.....f.U...4r.U.v..zG..x..|...[.X[....DS..K.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):274
                                                                                                                                                                      Entropy (8bit):7.167467130453735
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:4zQa5ogfAJKEUEjPLt4jj0m+goXnLYgko2WEKqFCKZRQeEClVMn:ndgfe7UMLMj0m+ganioTE5ActLlVM
                                                                                                                                                                      MD5:E2C791CE07AC2CC241E454A8707C3A4B
                                                                                                                                                                      SHA1:ABFC68C3C8D4A20C7E964A4FAB0650FCDF4ED654
                                                                                                                                                                      SHA-256:72ADDBA6A18A4494F30D5D9A6C41B1E77DDED6B885DAD593727BF9F343121218
                                                                                                                                                                      SHA-512:C4E1A1C3557A9338599CB44A768AEB8436DF85ECDB72E133E19C1FC9225D8BA8D9607F61D0ADD813BAF8D5C2A528A51DFF5D9A240D1A0A87D0E1CDC5C1F15A87
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.L...<.A.h9...j`h......@N."..?@..N=.........K.].\....{5.-...}~..qw.t`".0(;..QXe.....WpP.....~..)...#n.*..+.......|.?g...E#.f]9e5e4b.|h.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):296
                                                                                                                                                                      Entropy (8bit):7.290138162750817
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:2Ie/taqfqieITeVRtTpEjWW0rN7goXnLYgko2WEKqFCKZRQeEClVMn:I1vfgITeVRtTpUB0rxganioTE5ActLle
                                                                                                                                                                      MD5:9CC0A7F52431F4DB53C5601998440412
                                                                                                                                                                      SHA1:533D372E7C9E21DE96183D5CC6CB323231362657
                                                                                                                                                                      SHA-256:BB5755C6849741353C3078C3664A19267F92D4712312D221A8C19818697F4AC1
                                                                                                                                                                      SHA-512:C940F4C3598DD71B3B4416E04261C596B6628D123D8DA930E49E3DF5782B6EAE7B8824A4F26D6AB387819352F302AAD3FE31A9C1289659711882B4DCD66AC692
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<....pK...."Lc'..w..,1lVSVk...."..$W....vZ..f.....=.........h.~1[.....;. ...5~..#w.t`".0(;;...9..)..?..jt.s.....k]i..R...?o....5.2]..*. G.5.....,7..Ky..l.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4456
                                                                                                                                                                      Entropy (8bit):0.43805780721736565
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:zJ0mXjYyfhcD1RRXUn/cXIlmqL8HDf5wq+J+/KRujslll:zJzTYyfmJ/U/cXYmZDhwFw/6/l
                                                                                                                                                                      MD5:1D3BAA402F43867545D9E47E9B43DD14
                                                                                                                                                                      SHA1:CC8043711A3733E73D8466BA9B21FB626DCC7474
                                                                                                                                                                      SHA-256:DBFD0877A2010C499A026C6BFEA15BB66F328BA9F8D19E23F347EA21DEEACF17
                                                                                                                                                                      SHA-512:CF6A3634955B21A017A1449DD79F64ABB55E2EECE74AA14701F1EDBC1DF623734C2ED94EB4FCD7626793399511A11ADF7352FB1DDAB12E23103C0AD39B8A11AB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.%c....L..=../\~....5.L.fKE8..)................?.....I.......*...*...*...*...........................................................................................h...........................h......................@..sn.M.'...........Z[.|@..S.................................. :.. :.. :.. :................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):267
                                                                                                                                                                      Entropy (8bit):7.2279511281628
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:GhaAWUGULjCEQqqJWWXgoXnLYgko2WEKqFCKZRQeEClVMn:y5MU3aq+TganioTE5ActLlVM
                                                                                                                                                                      MD5:7F11545163E4950084A37E106522C6A2
                                                                                                                                                                      SHA1:B37664C03A1A0F0D9DF314F8BC363133C38E25DC
                                                                                                                                                                      SHA-256:08051CEFCBE27C13909D8416470D25D63B9B4EA63B123961C0AD4FAEC082372C
                                                                                                                                                                      SHA-512:FF2C4DF80FEF1F18F5EAE79F968AAC361220A577747C69DCC9F8D69ED653B5E34839302E77D88BAC30FEF517DDA67AE32901A95C51ACB647B7D43E3D9AF53191
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.#........ .!.,.....T.v.[.....;.7..%.s..F..Vh....98......5.......D$8.....6.............../..X.........O.....C ..?...d.2...N.|F{.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4091
                                                                                                                                                                      Entropy (8bit):7.9532798234045625
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:twL/FRLITyCDUj4MGODfd0I0Au60jdFQhQItDExeatre:iLdRmyCD44Y90Amj/QhQId4m
                                                                                                                                                                      MD5:6A23BD6F5759D4D0DE31B6E3D5B90C96
                                                                                                                                                                      SHA1:D8672D04A13F0E6ECE0F20E6DFF0B75E3514F9FD
                                                                                                                                                                      SHA-256:E10CA8BBF24C01CA290970385772B5111AF0E12E9BC38E9405E27D034F235A7F
                                                                                                                                                                      SHA-512:D076AFFFAC13DF244F64DF14CBC544F781363192D212AA376EAE9E7DB5A550CE925CEF55F5F8E41A225FD82E6940B7ED8D039BFD80D2AD63950D6F4F674CEB70
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....Ugu....m.d....`...SR.s..7......g.Gq......EW..w.r...;.Q.._dw._.'..O.)..z....9Y....]w+:.H.R.S....K................![.1....#...Q...5..n..B.F......\....C....].%......O...U.J}"63...gpA_.;P..W\>5c.o..8#3...V).O.....AUP...d....v......3h,..|g.O.j....P.I;...5.W...R.M_*....}r.Ks.xe.m.....+.S...i......y.....>...c...9I:QQ...1.|12.1.=........_["..1......7^A..Q?...I..hu...PR<.K....<....s....}4.N.1...$..Y..4?[.]X.2`..`u.....{..}.7....?_...`.7..t.....Z.f.....0.........T..mO....>..6tf;.......jG.[.....d.Z....;.....F3R..y.^.k..........G..v.gr....>."d.J0...,hv.(".S.Tq.P..qX.%..B...,;o...._..C...[........9..vL.W.C.%(..k.9`B..H:...h...".yg....sa.U....:..1...i....zm.P.:....n.w7..P~...-0Gb<sp..*A..`.....z'..~.*..........aav..q=.......V0..`.U......[...G.n..|.$.........tN.D..8.x...[u...B7...<...<.....M..^E.N..L.m.6.x...9{...MG}...<...0.~zV.g...@..f.e.O_......K\q?$:..q........it...^..f|..WwS...+....i`'......O..t^.O.;.Z{.4.y...lm..t....%......_.B...]Ce.}.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4441
                                                                                                                                                                      Entropy (8bit):7.956903500117492
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:1DvfzVC1ISTWsifuB+dmGBoZd/nGhrAMNmHbT/NbFFi/MBm0tre:1DXznsD+dmHZd/GhrT07Y/M6
                                                                                                                                                                      MD5:9CA1AF450DDEE521091BF48521A5A751
                                                                                                                                                                      SHA1:B3C2FB43008101F90188D8999511386964C1F1B6
                                                                                                                                                                      SHA-256:673C0679F04F910C3CC2CC1A5FD18201C7441FFD377BC8A6F79AC77A84C61019
                                                                                                                                                                      SHA-512:1C5AADE5734E83BA47066B955B196DE05F2EBC19EDE8F0F2CEE795FF18413C46FC6BD922F65539DC2955D8E986A75FB60F14DE336BBADE9C84A6C3EB7BFF90DC
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.U.;...rF.......@0.&e....._..RaE....tbM..%M...8n..d.i..g...>r...@.q.8.]H...9.h=f.jv..C.....o.$.V...?...V'r...J..@....|..C%.W..+.4..~..A....".G..D..F!B.:......s..E...[.......|>.........&auj....n....P;.<... }.zd*.g.p.>.<..:w.........K.../p!w.^.GW;....JBz..^.uc#.[....pn....Y.xp`h......W.p.d...QW..z..G..%...L.!L2..'.B.F......^.-... .!.wn..A....'....aC.D.| .-.*.y.H2.{w.....pB.*2z..i.V.Gl......r\Hrk*O...8.p.Y... 5.n..gm...<..;...mL..2.c .O......v......@...=..W.T..<.,.L..Aj.......p2..&.'=.c.......{...... _.@.A......F......oO.*..q ad]Y..N....O.......W>U%.....O.!(.7g@.>.....>1....-...-.~....@E....'.uX1.L......6.o....-...].Ug....5..F.......B..x....pr.{.:...#...w<.......e..Y.$D/>./l.4..:+...<!F.|.*...!...1}..$.I......o..R..f8..|...mu..@.8."...V.p&........k.m.\y..Q...N.q.D........_n.Ts.....0Z.P.......1.`i.s..9N....0....>m.T..5....&.........0...y.a.!"..v.vgWD....}ee.>..~...Je<.c..5+...&.<.?]...C.~.c...~.Dv.D7..>.H...5-.9....H.:..7T..p}aZ.d.Pu.r.Iyd..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):18586
                                                                                                                                                                      Entropy (8bit):7.989515005978003
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:VEhx2PxvbMVv7hEzj6/nZA74Ksg8N/DqJRFwQw+ZVkm+22Z0qBhDs:V2x2WpY8moN/uJIx+vUHA
                                                                                                                                                                      MD5:64EA453C88744C5BA46F18D3B8A5747B
                                                                                                                                                                      SHA1:70D659843CB6C42816AFAF23F26DCA5FAD46E517
                                                                                                                                                                      SHA-256:302635B4AE452FE12BB7B32E9B1AB97780392C2D363E7D9D97B9776358F7DDA0
                                                                                                                                                                      SHA-512:13FFB5EEE1164CC9DC3929EF25B065964F8B856A5A3E5C89A346AEF9685973050DB910FE6727DD3A36643E32A6B70B7A4511A377E532B5799D3C320B0B625025
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:...F3j.....d./pG.S..*|.|g..Xs-b.L.L...p...."..hJ^....!^....@...6........t........d...{...0...#.g4f..k.....-.....z]uI.!....T.S..[....&.e....~$+y...j5~...S...%./.(k..C*O5f.Y....u.".d.......^..`..........1...X&...S...k..|.>.....<8.=..`.C.jS..]...sx;X#>.u..l..T..*..........p.-..o.u@@;...R....t2{p.. 2/#...P;..V'.....G.....l.^.-.gb...|..h.R..HB.%...0._.^....U$9R{.5..7....C....:..?.J hb.....U..,w.3Q.X...A.A%b...4.+.NC..G.jA.A......6..X.X.....0f..ja.l?....7=.n~Q.bR.. .X..>.I..>.._--6=...9k.R.>...B3I..Z..NMH$.............+.vjrTd.nr.l..Ij..L..ML....S...@...............0.Vt6..a*y5.7.... $..E.@...r\e...9wS.-.\..p...<.......zF....L.L.....av....@..(...b........BA..(O*..F.V...H./r.~..u..P.diD,x.35...'@K..r^...........O._.^e.W..pi.I%.N....b`.....-%a..A..Q<..@..>....CK.k.h..p2..o..l.RI.2.."...;..V.X...+.4.....s.a8u&p..2k.b7.......V./.-H..(..?...\.~....mO.U `.&.....^.....k.u6<.._HV........a..8E....o|.8....Jn)..:..a.h...'.fu%.X.#...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):18597
                                                                                                                                                                      Entropy (8bit):7.988522400535468
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:r07H4Lp9rUVUbeP3BEoDdAAmOUrsD5BXOFGcFH:r0b4A1Td8z8XOFGcFH
                                                                                                                                                                      MD5:29A63ECE0E8537EA9E8A1FD022C1CD8A
                                                                                                                                                                      SHA1:F17EDB884AD77CA9058ADE81498A23398CCF7728
                                                                                                                                                                      SHA-256:F174047BA2AC6118B8535E57FC324CC4EFB986985DE4992ED1F55AA49DB8B252
                                                                                                                                                                      SHA-512:0880A68102CC3E1D05B9FF70CD127A731292113D36775BE7A3516A6FD7CA604415E5DECD5477916A6D494EF884E592B0700D5FD1242B9D381A20ED131E9A64EA
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:l....b.F.%i....J..c..E.1......2.oRN......]...eo.kpL.@.[..z..J.KT&.{.<.1..X.....I......]k.i.n...xWF...~.!bu$H."..G...a....VK.iS....?..O.....r...Bq..$..g...Q.yx{.2...,e..N.....8.!y.b8`0~.7...7.r.z...0.)cl.....4. N.y.../P...>r......?|..0r..FFe.......qD..8......o.G.aS6..}......:...y^.j.OK...3.../...@a.9..EGQ......"...t....|.B.?,%2.............yK..,zs.M.~.b]Nk*.81%....g.l%.Sfi36.m.~.x.M.E.%]?....R.\......$'.}.=jF.... G..^..."$o.Sg..l.4.....3..;....F.]j.oX......}.=...=.u..O.G!_.....=..H..4..2..ZEr3.N)...|-.......W_u.b...J.1;.>..?..........v...3.....k@e.g/.>.....j1,Z..(......T.)Pv..}..&//.............. 1..E%.D\X..C....k9x.!...s...z. T.6(.}{T.....$.{.-.z.u.<:-.-...:..~.sS~3t.[.e.B.@.......\]@...U...S..ws..?...Y_.Q........aL.{...L.....[.|C9Er.~...HjeM..C.E..;..u.U).....>..y.$....._..E^.m....O...-.i..$B.`.:........}..}.).......k.,....U{|...E..3Y2.-5..\......^..t..7eYU>9..hK.Qp.FQ..(.....y..*=..v..>.(@..<. t.c..".<.../.(...2.8.Rbqx).A.1NE.&YY...._..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):746
                                                                                                                                                                      Entropy (8bit):7.75346171645022
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:JrvtCx07b7lzhIFGOZlqRnyMpeqTtlCQ53vHucsLbkup2iPuJ1NFm+B7ganioTE+:hVFX7lzhBOZIppv53vHLMbpjP2NMloSU
                                                                                                                                                                      MD5:1510CF8D339E7BB5DDCDB5AA4D6901EA
                                                                                                                                                                      SHA1:5D7680317BBC7FDE046D1D9425CF08B3B5BF3E50
                                                                                                                                                                      SHA-256:599B8AF01762542CE5BDE0818D71EFB166F82E825E1E29B67D075247377DE37C
                                                                                                                                                                      SHA-512:34A1FD768A22ADE72F8CA8F5FC55BCF5CA14FAF66B6FC8A1B865A0871AF357D0F82753D13C76491C0E9D14EDDD8D7FC6A9892A3EC7BAC8E5FF45B79107245294
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:Zk.2.$.zR(i.a?5I.......M9...).B..q.....$...e. .2fu.elP^.@.+.9..*.....4(=.B.....E"...~..*+....&w..g.a..;.1K.... 3:."cQ../.Ml..q..m9..+.....G~@.z......e..-.w....`.q.R.......}...P.c..v..M...}......[...nbS.;.=.s....O5..A.P...././.+.`w.Q ...1\F........H..._.y.%..wYASj....a..8A..J..*0..rF^..D...~..v.m.......i.I+I 4...U.....m.M..Tq.......$...*.a....g*dH..~Y..%i.t..#.12.`...sw396+....6Vy..#..O..5.f.&..).o.v...~1......K..%.....or..X.y.f..1....G.`X...W....;.;...\pgq.|...X......o....E.0..v...m|K$..8&....E..|l.J.f..n%LJ..`..'..]|./....5d....>.q......&8#..0..+...fY.......U...N.]....F.".d,y.OJ.....h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4445
                                                                                                                                                                      Entropy (8bit):7.957714735680883
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:5amkfqZgTA4REPqEkbUrBYNK3DM6buPuGdI2PmuMzyBO4jHkqslZirAwtre:51kf1Xqdn1SNdI2PdCKOEE9UrAl
                                                                                                                                                                      MD5:BAC7AC5EE3B7B8FDD4CD5A3F23AB0731
                                                                                                                                                                      SHA1:171A590F45F2E4EC551D5C52E8B74F0E0F13B1AF
                                                                                                                                                                      SHA-256:470C9445EB45C8FD288E29CB6650788F6CD4F7C0D5E64E450603171BCFE027EC
                                                                                                                                                                      SHA-512:860F1797F9D74C7861129E4518EB1D38F55F1366BE3348208D37A24770FFFA5AD3B361CD5E85B47CA3C179A75801C22B4E9551841AF8930844894B6F7DF9BC9B
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:A.Qh..J...I..C..s^+4......N>.|b:..<..Y..K..<.....).?.._4]......oWE.1.>..4.k'.....U....WR............V.....F...`*.]c...`.{t.b.h..X....R..'..8R.@..).\.....R.1..x.uK."..!.YrK.5.K_$v/...V....K.,...#.p......X\.... NS....\..H.....A..q.h7O.X.2k;..7\.G.....H.-.$..JA.F.....7.7....Y'PR4...N#t..^....V. ....W'...sH...CO....w.z...Y.@..U..,G.n ..[......{M.).e.i#.*...Q.S..#.%.E.5.R.L({`P..eG.........n..M...<7$5...e...a..DR.*8.........S..@....Y)..8j.|....C}...A^..A...ue.E.....w../8.1.r.U.1z7.Hd..'U..j.i.N....<I.`..0.|G.x.9<.+..G#Yq..ZsB.`.*.o.B..%@.f{....d..NTm..D.....o..9...^.>._..2@8m.._....z~'. ..e..vI.d..&....l..3.l..~..T...f..mf..X.g..&(...4...1Us.'.....X.3.`..dc.p-j..U.h..E.:....(L.i...n(6......0...T.X.7~..+.......(...Zr.. ...mI.q#....v.#...e.....g......fY.a.c.bq.u)z\^.-.D....~..VL.\R.>.0..7.....O...K.F."...*...... ...]*\...W.|h...V?K.?.t)......A{..x......A......_.w/u=)+.cak....)...|.4.V..~......h..y..~AA...9....PD.|A~..H^.Z..kF..0{....p..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):745
                                                                                                                                                                      Entropy (8bit):7.682209799359804
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:C8FR4O1Sag662+h8eNHygA3Aj5HpFcirJkh3yZXTUDVH13ganioTE5ActLlVM:C8FR4lag662wxxAWJBs1QloSttpVM
                                                                                                                                                                      MD5:B22AFDD67CA8BA46469650AC722AB41D
                                                                                                                                                                      SHA1:AA3BF38C9BC1F94062EB4101335CC59D3507DBA9
                                                                                                                                                                      SHA-256:86404A3842D263115FB7001B4F4F3DD8B066D07B1EF1ECE9BDFBBB5C3C7A8F75
                                                                                                                                                                      SHA-512:9C10433BDC3E928CE3CD23522F8C39C3AB918A2F9535FFBB879F33FA12A226FB06441BBDA58FD57A35A5A55A44201235158ABBC6E5835E67DEFCC4D7FD0D505E
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:....y.-..$..\.....u?.....E,;.......^Y..y*Q.FE"<..|. .P..$Bz....X.p...L].<.b....2.Ia...y....:G....D*dy.......z.v.C]-. @.G.:l.F...BC...A....%..H._H..../y..~....d.-~].p......^.Y89........./....=..ta.....3..x.'....d.>.I........%.......<..OI8..K.tTo[.L.1..}...cWcG.L(..@X....L=M....F...9..N......$&.v..2.....d.O.._..j...i........u.`*9.Q...^ID..U.6.z...G.U.<....J.....G..?......@N.$..zb.MLB...Yd.a...ryz.zR.h.zZ{e.k...d..VX.y.f..1....G.H...hh.....$.j.i$....+.5.-...0..z.E...2..A.[`.....i$....E..l~J.*...LJ..`..'..]|./....5.h.....y....~.W.I7.....,'...i.>"*..3*}D....:x...u$q.8.O=>px...h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):15376
                                                                                                                                                                      Entropy (8bit):7.988077387097842
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:DO/FH/ZpCMNSKhgHtfADgfeqiH6NfY6bYcsN:6F/pSKhEtfADpqZfYgYcK
                                                                                                                                                                      MD5:61F348D557EB0E09DF46DDA2E87BAD42
                                                                                                                                                                      SHA1:8516FF6E19D18ED5E1B057734F5662812986D611
                                                                                                                                                                      SHA-256:5FC37D3EB660EB0F1475BF2C2279E0BC421EE12F7F8E16782AE73459531F26D0
                                                                                                                                                                      SHA-512:72314889DCD3BCE58B6D596B742F62BD5F2212FFD043BD7C74FC550442E088CA9368F4E6CC8E4BCD793A9D1E6662D01EB36E1F7D323F08D86B2C9B167710EFB9
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:...o.G...uG..>]....P...I..a4.|B.&....J.{)..F..3i.......%.7C.EC^%.........%.a....t.....I....G<..Y.u....@.f....-O7.(.#~.m..Sp.xK..B....k....d.^.O.....F$..).E9a.......r..m|5w......3|..}x..P...bMMCb...h....._..k.uu.e...B/x......e..:..d.e.C}....t.......ln.8...y? ..q.d......T.._....t.....w.^4.Um.GVr4.O>....b.!..#.|Zk...$d...s'.T...rgI....:.]'..j.<..6*.m.B^r..3..8...n.k...C+_._...(.*..;.O6.U...K..U.].../...n.]..}.Rm/.>E...S.H0K`.r.c0.{...&U.....~.......wz.a...F;..[....).Tb).:zj...!7`)..7.Y.W.m.j.-....X..j...yR{!{......U...{.........6....2%]..t!...J.4..J.. F&..~.=G8.`&.C..0v...K.A5...Q..T.]Sq...`...\*Gy&....O9.p......9....H....E._.6H:"G..3...(....-a..p...Y....8......k..*J...g....&.4..;.......G.u.|..,.4.c@bv\......W..W.|.S.Z..&<....}D%V.d.k..[..z..*.r.R6..%.-G.tt.o.n>/[../g....W...O#...VG,!.]....g~..2q.....V....f8...~bR....!.}-....Z....Fl..........2...u<.x.r..(e4.G...o.......+X...w2.A..z]..z....ua].DKy....[.X......DMT....._....oN.M{q.L.TXi0.Q>.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):749
                                                                                                                                                                      Entropy (8bit):7.7025170230773075
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:3D6tG+MsmgCn9tN/ZRIUmc5U5nBAqZKfl41qFt2HTogKSqOCfw8OcmmKmTganio/:35vTnbx0Um4UwlXlGCY8KmYloSttpVM
                                                                                                                                                                      MD5:4B9760274460A7B0B103D2B84CDAA377
                                                                                                                                                                      SHA1:4105567BB0B7455EBB1A7DD6C01C2185C671B762
                                                                                                                                                                      SHA-256:A0C65F855B86F0ED1C89D629F50BC72AC2458165D92343FD609CE7D4841B1032
                                                                                                                                                                      SHA-512:DD7E1DC47F5B370806219EA8F3054B52D23C4C4888362EE3530E05A57DFA0A3A5424AD6E967F82F9964E8F2A947563216CC62398099DE541C445A377C0BE1A63
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.S..}`..p..........N.<...r..J.VW......=U."...x.....-...T.....H.a..P...m|7s.8.<..S.._C..o.V.wh..v...k.Nl..!}.....a|./.U..<..s...].......!tA..q[TX...L..(.HP..x.K....h..j......C..,..x..E..P..iy.81,......*.I.G..X*....i.m.r.{C. ...).Ft.8.s...Z~6.hN..C..s.=.h.J.^...R9y.z.8.%!..L..5>...;....}.Wx}H......~..@......Cf^...s...8..m~>..Y.:.Qh.D.....'|.`..!_.6G.d....o...|...>......^.ha.:%.7O.}.....e..D..t..y.bT.....;.......X.X...{.l{..X.y.f..1....FFb.......K..$.n.n<Z.gLF.%..Y.....&. ._......tRj.~..r.........gp.K*e.[..N.Z.`W.'..]../....5.C#7$.^.....+..a...=wH..aU.PuC&....g........x....:G.p.}.=.R]..h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):748
                                                                                                                                                                      Entropy (8bit):7.730821649759508
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:iFY5w2mA7rfk3ZAZpyGcA+2PoI0qvXtifaNMTUrexWuvwY0Mw8OcKn4bkvxganis:tLmrZopQMoIlgsiUFu4YO8uAkuloSttw
                                                                                                                                                                      MD5:AF50A2A2A57FD0BA0AF3EC4BD30669D2
                                                                                                                                                                      SHA1:8C74012DF011E5A2DA848A0995C50A4CEF5981F9
                                                                                                                                                                      SHA-256:18EE43282642EA3C81A3C4F0958B18F4415472A8E484ABD9AC8750C92C5AADCF
                                                                                                                                                                      SHA-512:23C747A2B11A4660FBE5AB7ED5BA726D0D63CB4137253A7B9537AC7F728D94AE83D192CA7C5316825B8B204A6ABA5BCFFFAD73896CD74A05A3E8A84E2039D3FF
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:..Gd"&z......%.>..C..2.Z..'.gZ..s.O.U......2.d%FY........*t.s.^w.E....8.<..F.Q/..&..~.....sO.o.Z..e2..~.z...lgh....[.....aAj.~{&..Q.G...#....e..-;......E.>..\..E..........A..T.x.4.....|g.j......o.Ke:.....88...Q.V.Zlk...T.5D]M...s< a....nx.....~.KSI..m...p......&y..b;.,'.."...>...q.x..[.....]*.D....$c..`....._{W.z...S.K.V.xC...'......n`|.G...&.f.......(?..E.~.;2.q.4.7d..{.."=...\...r!...m..`bS....% ....v..SZ.z.a;.6...zU..H.X.y.f..1....FGb....O......My...=+d.M.k%.l.....;........`.A...r][#B9.......Cp.K.e.[..N.Z.`W.'..]../....5.|:.v......c.|+YG......EM.`*(D..Ur(...ot.o.1......a...?.s.n.Dm..h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4447
                                                                                                                                                                      Entropy (8bit):7.959441135683662
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:T75vovyKW3Ts8hgszqeYKxoLMTRDjv6xR6SUqGtre:T75vIW3o8/eKZBK6SUqT
                                                                                                                                                                      MD5:3F36D5F41AC434EAD7AC59DD7E617250
                                                                                                                                                                      SHA1:5B9EE27229B8943FA03669F3A2C169A7E44EFCDA
                                                                                                                                                                      SHA-256:4B5D52E26BF7DAF8C12BAE93228B7B1EAF457A48D2ECB32489A5B8D4097657A4
                                                                                                                                                                      SHA-512:8CB95ED08167C85E6285E511248DB600BA9E3A083C8AC22E31A18CF8DD3AB9860BC3B84407734B6FA9EAF2CE6BC23F84D024BDDB06355DFFE4D45ACD20B4E10A
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:..A.bi,...4p+r...........s|.Q...}.+..0.0;...{.2...>.........GCm.iiV.r.t..1....'.E..C-Wk.b.}.....]...E.c.=....?L....Wd..?M.#.....i).l..ns.+....=.MH|......E...WC...u.M. .NY4..u.........7.I...r|...[..n..qh\F....(...x.....o...%..Y.......[..=C..8..U}!.5....F..1F...b6g..p9<.Rv..`.H..n$.m.)...=......-Zy...Qh..b.#...if....@=n2.....z...|EE....}t...@0T'..z.*.[.F.I...%.7.)...."n....e.......p.....A..t...h..NH.j.y.c-^.*.}Kb(czxz...Z(.^....u... Dlx=\...q.z.g]n\E.......D.NP...#.u..z....9..../z.I.8.....V..#{u.1.,.Y..Q.P.J.....ty..M.....N....._._a..K....viq..#,.....c%p..c..........n.$...`......)4+.......X.+.8.S....y....1......|.'.Q....._...V.sL.;...B.z..@..{..%X....!.Z.+.....L:..8.Z&k..<RP.N...O{`.G..(eI.F..X..q........_.j.\C..y..@!'E.OF...w".~.a~.O...<q...$...7y.L..-......9/.gI5:z....6...HR)p+&9....[I.^.\.....H.g.~...z...XO..Mm.d}....3I......3^0".^....l.F;......B6....04..1.._.[y.y....wQ3.S..n.E.s.....A.UsAh....Y.#...+~..2F..[.d{.0X.....RW..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):14323
                                                                                                                                                                      Entropy (8bit):7.989519706121855
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:1jw/CQ/WvlvO+JGsXbBG4HPMELtbGg3LOXyJk4JegedcLEiByB3lb:1SIlrpLBGoMksGL0yJst3jrb
                                                                                                                                                                      MD5:9FADC2DBF3FEFCBE27ACC420C3D29F76
                                                                                                                                                                      SHA1:35B0B697D9E5F50CCC3D6091EE461E72CDD65C20
                                                                                                                                                                      SHA-256:4268A8DC53FAF13F3ACC486FD0E5F054DE22BB47F6F4CFE2E8E912D5389B93AC
                                                                                                                                                                      SHA-512:F6CE9596B32C660421871429D309073F16BB0B472A3A04EE8DC3349D0DAA31B92217D2E38F9892DD90B039F685CF49281A74E6BAB382C91451ECFD0F6B2B578C
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:\.e...t.D..E..A.N...W...JU.[$.....A.._....o!.H...d.....XO....c.i. .Ih..J.B....e..7.:^.v.4.n...x.P.u....E.19......R.A.5.C..A..v....p. ...A.9.'....KXA5b..0..|%.[A.]\V......T.m.5.3.h..$.L...<.......5....~.Y.XA..qRe.$..A.5n....B.z"..*..oW#......S.1b...w..E9.}*..lb...^.)......D..U]..G.5.,...N>.O.,..=...y......r^.O..2.m.-.~.5.E.S.b2O.cN.x...GB.&a$........:.....y.^%.8P.w....7....W.U.)..Z.....!..Ns.<.I..Kt.".:.....#rMl0..G.l-Tb...s.$q0.K~bVV.ln.9...`j.D..=D.h..J+......O4Y.&R....[.G..>%2._.....YZ.(..^.+>3.0...%....@.G.%.M...-...R.Z.WV.E....|...'.)%....qa.Z...\.0..$.......S..<.....P.`).o..Wb...8.Z..|PR.....Q.:V..^9..`l.wlaL.......b.2.v....s....[...we.1....."..Zn"..i.X.q...m.....=..|.2.R......@...r.r...X#WV8c.z..k.Nw.co>P......JSw..o:...'.qYd.....R.....&q....3.M...v.Z...(._..O....G..-......OJ..d...N.:.k....q...l`.......(..M..l...}..0F..#........P#.p.N.........v..M.8;w6.....~.CFe.l#.j.....w..x..B..H..KP..zr.[...^.=..&....FXk. .8...;...4.>nm......+.L<!L
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):700
                                                                                                                                                                      Entropy (8bit):7.706834685008848
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:+ub6RKJfHTp8RCVJjFVIcfNa+8BXYt5c3RO+wDQCqeca6b1TXganioTE5ActLlVM:zW2rp3JjTNh8jNkYBkloSttpVM
                                                                                                                                                                      MD5:AB0165192E19B78A4B5AA641D5345DE7
                                                                                                                                                                      SHA1:17658EA8AD3E61288CAD7D54DF57B641B4A16CB3
                                                                                                                                                                      SHA-256:A0BF8D08B399D76A4B9F5B16515E0F0228DAEDC86704E7C54E0A127C60A4BE0A
                                                                                                                                                                      SHA-512:633E55B3BC8D72029A1FE62C22780758B06186AAD528F40DC0D1584142DF899ED702EF03CACFD509129720052A54493A5C12131CA0EB252266C400BD0672C5C3
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:t....I.o.RZ..........;...~!.......&S.7.^"....CQM..>....#...<E...tNn.2...c..{w.z......+._YG...L-.c.N.iV.........5.c4.).W......3w.N.S.!l...6<.....9,V.L..'....D*.M..8.h...l.@y@.;.......B~...rx......O.....^v......E.J.f...,ry..a....s.W..|..qn.|..`..o......e&PhD....k..W^c.y..|..xP..wJP..xO...1...`).gK....K.cL..%.;O....eG...M..5.>`E......e...X...[.h..;.VL11.%......jT..i4.;\s..../vy.4n....M.`.Ww.M..oIK`.L...#1...L..<.~.3..G..).i....<.....J... $.....!*.*"[..%s..U`".b(;8......5..1m.d..".f.ID....{T....).8~I%.R.p.y.....0!..#.H.!^FO.C.....s.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):755
                                                                                                                                                                      Entropy (8bit):7.7250268699123845
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:XWst1LhCdAgeUmPN474BkkE3AvK3TWFm2gwjQe8bIUlJb1AxganioTE5ActLlVM:XWMhhCyUmPNw4BCBTTKjN80YbymloStq
                                                                                                                                                                      MD5:F3BCF6CC20E2860E7B423A02D5F4D935
                                                                                                                                                                      SHA1:9D2BFE51A494CC9B20A89CB82A4AC072C71C8490
                                                                                                                                                                      SHA-256:934D2393521B858A912B2B393EA136FC5902379FF2A5AD913168C2910B3CAE8E
                                                                                                                                                                      SHA-512:94FC6A8F094171B7CEDC1C443C986FA62E09D861EEC7EFB32E7A0F3B46794241C1392FA49ECA3CFD342871828655754A9B8A39BC51F5722EFEEE233E2B4B7A14
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:..$4..47.8....K...U........I..M.0C..ov2..D;.D.c..1...!<..\....[...$.....&..;.m.......RM{.T>..04......e,?.........2.Qb.*.u......v..!O..Oh.s...5.....f.s..|3|.........qq....>.;.2.......]@+\.=.h.2..\...T1.!IM=./d....K.A/f"zj"W$..d.~s9.....X.O..>..d(|..9.o.....*...1.{.......^...b#`Z...NF.....gK..52.D.s.... .....T..'g~....^./d.@..x....b...u..._8.w....>.|.|..3.....B..2...<....'..I6...6....p.TR.f..M....j.q...qd...V'<#.#"9.5.O..+..:..7.{....G.w.9A.Q.CTv. ..g........b.!.....<.e.w.k.q. I.;..G.vhD......U.k..9..M....K9q\[...y5.;.../~..qw.R/..1@.l..S<<..4?...Z.......7......>..c.w..Y..?...n....?h.`.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1579
                                                                                                                                                                      Entropy (8bit):7.891724413193462
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:NyR7rDCiZmFS8bMy1KRNJmryHrGOQPac3Stre:NGrDCiwFS8Ay3r2rrgstre
                                                                                                                                                                      MD5:5A4D0575D18522699927CD08618B0A1F
                                                                                                                                                                      SHA1:DBA0E6B96DCD99F478F643D78620A10D0D697005
                                                                                                                                                                      SHA-256:564725F1A715EAAF9D2B15ED77AF624DDF2D9D770B1CC09CEF6B82CF02C48EDB
                                                                                                                                                                      SHA-512:5716A1E807549E37C0AE49D8089CF50141F70D646DDE6916F42CC43FC523223B2B97CA020836142B9990056D28139C060BEE2D646AE3E9443F2972F819D18F7C
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:wzH;.W....xiX......\b\.f.!n.\......F...5?:N..oSy..%..9aJ.D.D.P../.."(.........~.E...NBm......)...P&......#........I.!..r.....3..1....h....;.a....).@...7.0=.l.:.f4.....0.rmi..\..,.s..Hc/....L.5..h..v?...P..85...M/....J.C...vt.f.vG........q...!.N.H.G=+...y...Y!n7p...^..s.w....9E......b.......)._..@>Q..p?2.;..8...$.[.....Z.%.=.n...E8....\d$..Jv...ir!7..1i....k.j5S<PV...h..3w..sR...<S)......f.zP..F.....'....1.y..mK..xV.N.Y.p$..../q.Yo...>...h.=e. io.._$..s~.MC/..1..S(.H....^.?U...TRn3N'..~..:.'...#..:..x.eV.../...+..L.u..N.5..G-.x....z........8..=J...>}">5D....s..e.|~.6[...ff8F...D.T...8.26nH1k&)...l....@@.5g.8E.B%....FB....t...y.D..l.#.\.Z.......w..{.....Z..N..;.?+..~>.@...).v.z............uT.`..6t8iE...H/..^..M..P.s...........z9..z..e.E>.]*...[.....".u.k..L..2....=X'I5%...?...Rr0.....I.....O.....X1|...}K..b.....7. l.ud....[M./.<t6....e....q.|*ov_....'...........+~...?.i..V.`1.z0..)...*..$..v...........X#EB.....!.t..5m?......N....O.=.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1946
                                                                                                                                                                      Entropy (8bit):7.897683081160252
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:y2RQSLpsmyEtTgK3Fn9wUxbm+3ZxD2hMmtre:/QgtZTgK1u8CGyVtre
                                                                                                                                                                      MD5:E3C3C43E5D3169533F97B9F49B1EB2AB
                                                                                                                                                                      SHA1:84D3355095E28E81438E29D405B57C3E413AB87C
                                                                                                                                                                      SHA-256:227E5FA31EE81355293F0AA824BE2896010166511E62DDE19C04F5D02D8AFC96
                                                                                                                                                                      SHA-512:FA38BFFFD658F23024460594EEE4DD7CF9552B5B203A18A1F3F34B6E623AC1E40210E6A1046DFBFDDC89CC11497C34048D0D1FBB0B4A33F0C0EB2835806B86C7
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.Fv.rW.@.a.'..a..-!....t.s..-09.zK..&Lf..arT..{..N}m.G)..\.l..GK..O..P;h....X.....e....E.{.6..|cr9y.A.......*.ZBe.9tub.T.2D.j....D*+..tr...`.i.l..K....*y./l..9.K.n....OL...f....Q.....pX.$.h[.....8R{....>J..O....Z..a+].o7.Hc.'x.z.)R..+e.i......^x4[...{....O%..S...dN*....\..F...w...#.b..N.J.,.!H.....D...W.#.5..Ka..A...&...O.)`.9.g.@r.............=d..+..,.....q..o2...$..). ._.-......E.\`SSE.5..4.u....{.V..3....s.~N`.c..b<..........z1j..1D.#.q....~'.^.9.6r......j......SVMCI..1E+:....I.z.fGD....Ii.Q@..}.f.f............%s.[....P.W...}F..H......Dlf......9.}...S.~.<U;..i`...z"..o.....].. c....F.gO...:......%A.W.......<l...jn<.k...w1.Y3..n.j.!..g..,.F.....MB.......*.`.6....g8...Fy...K..?<.V.=...#...kjL.hV.!.."r.....6.T.8T.E7....F.yS...M/..W..k.X.p!......!.....qmqp.g:Hk...Z..v..iT&OM.xIQ.../...@.HbW.<. ....k...kH..d.un.....|P.O..4..t........:..!..D.~.t.p..-......5...7...!.].d.@........+.?.4..~AQ.|..F! ....U....j..B.T..#.eN...A..../....y.'.G....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1582
                                                                                                                                                                      Entropy (8bit):7.878629160813294
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:pP6QLewNP0t35j+JiMYX+vkQaj5BjiFGQNnmimlng21QvZeJpnloSttpVM:84F0t35jm6+cQadViosmimpgTkJ/tre
                                                                                                                                                                      MD5:79F2358DB8B87B28585B5B52DC614D6C
                                                                                                                                                                      SHA1:37960B968EAECEFA1BA0F92A3A46A7C7F54B760A
                                                                                                                                                                      SHA-256:A4E54BC14F77E89118169A6175065E06D560F80889A9F427D5F8FFBB51720A07
                                                                                                                                                                      SHA-512:5EA8B5C989AE98BC3E99269769A9E0E234AD4A13B64DE2262AD69DDB18D06B6C485C36228FD20CFCD960E378C5CC286802CE2116F601A96D6FD06FE3453E0DAD
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.(^....6..(...q..jX(A.+..@C.h.J...!c.~.....X#K...v...;..9.z.3...2.c.......q.d$...."......a\.Z".n.?.gG^...q{....).|.f.)#...uo+..U.1$`..<V .P.wh..z]8.:...$.{.. U.-..6....<.|:......&n...U.@.P.H.7.-...4D...}kT$...../HQT.....{.!......V>b..,....(6.........f...(...e....vE.B......{.N.b&?1`..STW.K.H....5.z.........&.4=[.".....!..C..i~I8.y!.mm.p....iTdr...!..k.e.kF.2.g.....`.......%..H.0..s......*..n..?.......... ..3m..1...Bk.!M...`}UH(."<kK.f..&=."..../n3..aS?.#ui.g..WZ..XsB.4....."#..........Z.u]P...s...3....4..B....v&..._...S.......|.]G.O..F".Q.k........<D.g.....2....V......J.T..G..y.."UD....@.S.L..+.....?.]'f52..&.V..0R.j2..U..y{|c....*#..J.%.\...|.e....oGmq3..v.V.'..5.$..;*..j..kl6f}7.^..L..E.f].X.~i-.n..Z.....L...2..p3.N...,j`C.K!..C.Ka..S......f.O(:.]...<..O..[a.....p....Ci..L S0.fb.....fBl....0..I5s.....q.YU.p.27.e..e.1.S...8.7.YZ...8.R...'..[ovy.j7[..h'..A..Xv1..".u.t...XfG?..M4.v...!..4Q.0...6w.a..U..tY/$..5.1...q#....Lv.A.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1827
                                                                                                                                                                      Entropy (8bit):7.893941073003012
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:aThShryMlDrXemy56BR8AQXrKE9KkFbE/OMlYUtre:aTMs8fuBgBR87bKEEkFFuYUtre
                                                                                                                                                                      MD5:A90F3F4393931F86E43ED66013DDFEB9
                                                                                                                                                                      SHA1:F308EEC154156B6A1876D465EEDB53E0DDF546AD
                                                                                                                                                                      SHA-256:22CA51EF98FF693E3B1851C64235C96E3DB8B19419F4234704BE6E728F39C026
                                                                                                                                                                      SHA-512:F017F0F2F79D3F90DB84E094CAF293D03BF6C46884E9728EEFCFD3A23FA99116A63BFD9C9ACECC5A228E7D4CE54126E238188A87B1206495B5A54D5E7AD3B21A
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.B).B"..&..<)s.v|&.9.c.4s...a..wS:T)..|d.~..[%N..)....t-..hT.*G9.......08.|..zm....4.b._...A.`.....R%.....y.+._.h....=...S.{Dr..Y..e.>.|.'..tB.>..2e@...L(.[F..*.5....G....K}..-..L....L8aV.&..E......w.`\x..<..0.b.....^(...6..z%..oF#...u..<..4R..C..o.E...$$.K...9.......S..3.@..Jx..-....=..'C9#Q...q.|`..e...$......bn.2Q....&J..:r.(.F.p.`3?j........,...H^>.'.@...Oh{...2..!.z..n..]?....2...~.;..U.OG6K...H......M...;d...vL..iX.v...2......&..#.b........V."A.[u...)....Z......;L....&...2..O..0....M'BJ....fu.......!.......w4.b.n..?A.~.......]:.a|...X.utVNJ.,.7a....V~T..%.dcJ.....#`.W.1M..GG..}.\.....5..e.v.$y............y...K...hDV2..o......X;..s...g...wK8zv.r`....D..2.I,....i..7dL.>......H.G.R.N..dL...a..~.6...N)TCN&..t.4.p-W..x.eoE...!.....S......l.#....q;O..L.W..y..".Q.eLh...}t/.`...S....|...q@.n.......0E..w.h.{.........3i.P...e.i.c...."...d.=gh.u....>}.d...F..J..;6S%...`.o..cf./.......H7.y...]^.X\.J9..'.e.......|........&..J.`.:&...m.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:OpenPGP Public Key
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3833
                                                                                                                                                                      Entropy (8bit):7.957443431442332
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:g1+reINghhqoht/lntowVsAfrdQo5zjOcxilC8AaZXB9OQ+TksjoQWSljHJ+tre:gQWhlf/3rdrzScolCRaz9cTksbjp+tre
                                                                                                                                                                      MD5:AE6F128ED206625CC685AF35063FBEBE
                                                                                                                                                                      SHA1:1BB2D873ECE413603A3C61C1D551A2909290D7C0
                                                                                                                                                                      SHA-256:884AC90D26EF302FECE1EF16F7A4C6EA1CC0C4934EA326AE9BFAE6FC80555938
                                                                                                                                                                      SHA-512:7F83D4387D80C041F58F83166E79D033CC9ADCEC03874E163D635EBF6B644B266A7224B31DE8F1B1FCC0AFDB759A5FB68EDC21471D122CB4FDE0E19C30E0C3DD
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:..u.?w.`.}.d..D..?..g26.q.&r.C.|...G.f..Yk....t.BH4J....Q.p.w..D.YC.....9..R3......f..}h3.s(.v..V..e.c..[.......e*`....czM...h..CzY...# ...,.J.<A...^.H......H'.o.6Ht./*..<B..Z..J..caj.I..5h..,m.0t;....m...VG.w.......^Cr.....i.o.:..@.A...w..i.h.`3...lyT....N...;k<R...........2..'K...U..)........GvND...Y.5.7..I..9X..t....Z......YKz...E.^{....{...;...z.b...%...*...}=......\.2..L.c..[.s.....CZ..{.u|....K..+jG?.:.A...T.#...O.!d....j...$...7.....k....s.Fp...u..........A....wM.p.....}y<B...}.L..F...3n... ./....8..Gm......QB..N.9..tE....#...gwo..3..,2.\..D`..3..j...I.J3J..Zj....]..u.bMg..m.....9...~.&c.k...f.Da.E.................7L.h<...4jV...[R.....).]M..?_....S.D.c/...lN......-f......G./D..2O..0.4|.....:L....DE.[~E.......r..E|U'......4.X...N...h..(;.l.rB/%.Q.......O.t!.....y.'.... LL....&D...7...hKW.o.U...DcyMeW..78.]...`.t...'.....9T....al}E{mC...n..Zw|F25PI....&b.+(r .......5.r...m.I..<..G%.P..:..3.WJ=8.*...M......y../B1..p......h{.&...c.5
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1209
                                                                                                                                                                      Entropy (8bit):7.791721632719847
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:HmHvs1unE2iRB+Be9uTg/ZZcvk3QDQ1RY0gtfXg9loSttpVM:GHvs1uEFR4Be9uM/ZZcv1Q1aSTtre
                                                                                                                                                                      MD5:4BF48D45010A2E1C517ED3BF46E732C8
                                                                                                                                                                      SHA1:6B0144A6D5EBE421A795024C3CF8BA4AF2121DE8
                                                                                                                                                                      SHA-256:E1EF219EBB0E8DC659A1CFB374B3E2E0AF1C791DF22885B4C127BA59EE346A62
                                                                                                                                                                      SHA-512:FD0F8F81A46B3E6F1714D1DE80947844379FB7058938EAFB8C13D3CE58E28EB5420AA577F5965E8346719A4A04A744D4B898F20ADBCE6177FEEDD8DBF4C38F1C
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.h...0..K2O...V.^G...n.%V.a.b..W..2,...:xe.(....7Yq../...3)0...]).\....Jv. ....fk...a/...W.;2w{n..X..v.....P.. ...v1.>..N.....r.f..;../1...%.l.6=.D..Q.z....]+...t1....u..I.T^.i.lq....p1...q....B.....@)99.Z..W.4.T...S.....gp.K...|-..Zs..I.....F?.qP..3il.....=x%..._>=O..tq.d.....].0...K...:.>$E0hL....Q.K`1...5fq......y9{..p..@.s..7...P/.C.N1.....B.h2.W..b.R.....1..L......k....JR.f6...|...\.....f.].h.n.b.N.+....^....O.^..bX.q.N{....I$P....J..b....A=.n1FB.YL.0..];).j....G.K....|w.%P.d)..].kyv...w..*s!..[.i.4..g,.\..~...|x#..J...P."A.m{f./rfd.I%...............\.1e.S..X........u..T.3V.rI.uFl./I.z.....O..X.^L_.qa....E.%...{......[h.n..J..A....a....e....o.....n]..u.".4.."F.S.~.......[..S...u.Ri..J.e.e.`.....U.r.......x*3..Wg.h%N!Y.9..5.bw.*TGN..GC|.!.>..........m..MvS..W.......?XQ.e.Pn.n..:1-D>...d1.:.s...=.P.......t=..o....d..V..="...lQ..)J.nx..9.;./.9...#.{.?.~....jCY.j.m*.^.qD..=..zWt9iE..C. 9....Z...k....^.J.x..y.A.......D.c1l(-...<.k....f.7......D
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1490
                                                                                                                                                                      Entropy (8bit):7.8705331114901504
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:zpCFrBKmRCavX1YRtQh6C1+4NVaiEi2cd5VHrBKMC3Q32o/LA/O2MDcpZHq6hBls:zoFtKEvXSbQp1NEiEi2G5lrQMA5IlcnI
                                                                                                                                                                      MD5:0A1B5F3A95EA0D3FB4CEFC666DE64576
                                                                                                                                                                      SHA1:8EA6B2C1D56223F0F900BBF578EDD6533688240C
                                                                                                                                                                      SHA-256:25D67D5A21BB8DBC51E34D439AE2AABCAF36841C2F1D984EBD8D845FE02BD289
                                                                                                                                                                      SHA-512:3C3431EB4D48E87397BDE544DE08E5D9434183AAD53152CB8EB850B1F4619EF8300081A0025961F318EB80E28C8E17405BF64F075BA7AC1EB47BFCDB48558672
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:z.^AU.)........98J.;5".g).....Q....:..._..D....wV#..<.X.....h...R.:.m............./..T..b....wmlES.\(Q-?....3.+...&...JE..R....@BCD....}!>.....qPC.~..'.:..N........T...d.~u]..%Z7t.>..&..`..n^.....i..P.F..k.......]...?.../Ey97...w._.......nEdL8...".oL..y....T[..gd...<L..4r``P$.qt...6:K....e........pacP..X....%.?.3.{;L..N..{g<.}...F.-......0 Z..y^u..z.....Lfn...k@D.."....... ....i.....Q.{.....b..q.O)A.,..;k!._t.^Ud.C,R..!.@.R.L...U.......9..>.g...BD.@.UC...F6..g.B...P-...,..c.....#*.-.G.,.X..&!.g.V..t."..u7.....B..o....^Q....QB.j.1....o.po.D.qB...b3...)....._y\..2...K....q.v...2...:...:....:. ..+GV..E.G`l%.o.M.h.....3....(...Z..G]._.u....TH.+C..j;@E..v....#.+.....M..vc.u....g._LY....(.......@%`.E...|&..A...P.:.e`..QK-......-..R....1..Q}?...?.>*8*0.E......{T.X.j......N....~.....0..q.j\....d.?.5.j.......G).9......b..N'.b.f?.....uO..>^y..8.%..4G^..@.N./.XF..\.\;...&n.]..h....Y.....J.l...].8R{.e....Kn.?..........b....!j1...jy....C.......*.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3843
                                                                                                                                                                      Entropy (8bit):7.952699062360186
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:hVayY/rfGgsJPjwrCydj9g8UuiYb0f6tXdpOd5KW6DROQmjtre:rfY/ygBJ9iYbTtXdpOvKW6VOQmw
                                                                                                                                                                      MD5:0DE62F1DB77BA5F6EE006FE8CF97A6E5
                                                                                                                                                                      SHA1:AC89AD931E14DE7579C5C43BB4A6DF8B435587E3
                                                                                                                                                                      SHA-256:7BCCCE8AE3528645DF1117515123B061BC196B5273D602F1B0EAA38433D59720
                                                                                                                                                                      SHA-512:75712D30C5A2A6413E5905DCD1AE85DF27F91D19C6A6E3A3C83038A06D5DF9CEFFE6C9968BEB639FF55CDC66709AABD654D0373D346AEF83627D10362D726E21
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:..66.#..7..N....b'J...s.U..OJy.1..1t..|.B..:.qg_.&.._S3C.yT.n.0R.2.uB.*..T.lOG..TJwPf.\vaT.f.b4G,.....e....[>A.....TZ.c..V(..*"...b:+..4fU.3/PV6....\>p...A\p....Y.....w..b......d.\R....E..]..\.h.<RZ{...C!...y...........%...k....Z....5..6u...*.-<..\:.e....'......3[...u% .h....]..<2......|zo.`.&/J]C.N."..;!.0#..{....h8..j.C.~4X...BN.86/bS...f.b.....R....(.-..e"EC}...B...h'..... ).w.\'..7.3X..W...*)4....p...vqu..Ty.3.......w.OP.....9....T.[.J..;..I.D.U.@(.<.Z.7..]u.^.ye.Y..X..(.).a......g.Ujg.c.U...F..F....I.............k..#.-.tUM..m....A.U...j..Uc....e?.`?.H.}.w."..W._..X.#..W.......v./...+..O!....7..f9`.$|..(...}.K..^.jF.....%_;....O~..Y%.iW.Xd....B9.#'...JR....A$.d..=.:4..[E..s9g...1]....4.`.zJ..dU.2tk...x.i...9...7..(->a.].h. ..UG...%...|x@..&brzeF..V....n.=.C;..D...w.... $W.(1Q.I......o<..........=...P......#m..l.d.........p.........J..g....u"...h.9...^m..4.g......xa....9...{..0..E..a.4gN)..Q$a...*.G..[\....[3......l.&z>t..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1580
                                                                                                                                                                      Entropy (8bit):7.8776100697887275
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:2ouxQVPzNvIeCsrOpQnxPPf4jbvznUN2cMuYZAmcw9S4zFvHmno+4uvI4QloSttw:eoLzjbtQngIjL9SUGno+4xtre
                                                                                                                                                                      MD5:C1A4D68AA7AA6EC6847A801B24C6F134
                                                                                                                                                                      SHA1:E7E0A03934C9271205EF28588E26F7E496463094
                                                                                                                                                                      SHA-256:F4AC2F769EE72BCEC33421184E650C4D5C46A6B34B723AF3979F156EF51DE6C7
                                                                                                                                                                      SHA-512:9101C21701527EC82781AC7E989C056793DD4CD8934E01FAA11099FB7B0737BB725DF79E450DAB9218132EA4A5C84FD51C78BDAA634A4756CC0FE0155C9E0698
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:..=.z....$...lQ.H.zS.....ns....U!...VH........q'..Z...vO.Q....D...^.C....)..9..M.M......^.:l.8y...h..jj......!..t{7.....s.i.4..S./Y9Wb.D. ...c.......V&.0.<...&.|....m..0..V-.-.|...{...}QZ1...w...$.....\.4.....W......S..K:..~......9M.rX.M..G+t..E..."......l|...84.-*q..P.;<;..;.1..X..++FRza,?.g....[.$.....a ..*.6.I..<..H...i....4.@...>..HB5..!A....5.-.. .48o@D.Y.#.tj.......~./..p.A%..C..".n...g.oo.F...!..P.W.;.p.....'......\j-...DH!..)3. .+?.,...um.H....<......~.-...Oed...A........v..g.....<?.%d."l.S.0....a.%...3J........2..p..i..jSD1].|.W...........G..v,..j}l.,.H... .......?....B).......K..^.........z....6..-.C....Q<..s......y~I..q..<..O..sba........b.....|...5.....i.....Kr.......VPY.).Q..B..A.,."mG"#..g.^....7.. y...B..^.=K..7%T..G.!A..p....?...s`....W.]6.t7U.<%b...WFY...e@'.2.b.{..).4u_..."I........k(8....a.?......:....'V...@..2.9k......W....1U.}.....;..9.Lvdy..z.ZNH#.._..0\.Z.C.i..8._..%....;$..U......s.z.#...L..:..=$......F..3\.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1580
                                                                                                                                                                      Entropy (8bit):7.888207647370117
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:8NxH1vw3dpY7GZW7Ex4VM4e/8IAB58pgFfV1Xba3Xa1SSzcOY1DloSttpVM:UH6NNMXRe0BFFtde3Xa1gpVtre
                                                                                                                                                                      MD5:7386D576BB71FBB4C3333323B3924BBD
                                                                                                                                                                      SHA1:3FE1B911F988A4508432CC0DBEF4D2D1891B5977
                                                                                                                                                                      SHA-256:D20EE6C7AEAD5B61234E6C1F47E5E905A299B25EB0834B35908A6394E3E8598A
                                                                                                                                                                      SHA-512:8B935AD48A1270FB75CBEE55C7923960E973937E730F3FF1A247F3ADE8E925AD2F248D28DBF0F26B29C0CACB509EFE73FE8B5ADE5EE05D4EE5EEB4FA9C11FD75
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....|.zkam....s..(.w.M.._R......u.P.a#.h.7H.B._.*...Y.<......l5....ud.r...c...s:h~...~.p..........D.c&...<:L.).it!T..E...R.Vj....?w..R......7|.m.ov{..JK...0u..z....a...e.^.[D9.%%..r.J.V.o./..U1....C~b..[..u...hx.[..K{8.........%..|.Z.P..W.^~.{..#Q..]{N~h...y"..f...h/R......"..w...k.J.l...Z!..nU.f.t.....w.&........n.s...p5'...I...Q].M..;AY-#`E...B/.].n....^..O..6...x...2.....E-..8..^....SJ.%E.s..H.W.*..sUi..2.".K..6.C.(jvhr...}.S...5r..7.F..j..P.:G./@Z.?....G..D#....E.b7g|8.I..p......t...Q.AE..4K.5D]D\...........d.9.CS.5.).U..f..I...#..F.Y.....f...i.In...l.c>.l%#..O.-.,Up...r.....`.mb...R,.{.rT$.}j....#./^..././.Xe...3.$u.m...O.O&.z.%Y..F.3x.2...f..r..VU..../M.../...8:..q9x.....Y.k..xdf..h..+.'.n1%?9>..?.{...58.vd.vC....k......../.U..z(..3g^...S..#@..E.....we.*d.-w^.. !^.aZ...!....N:r#}..?..c...."....|h.h....j{..........u.........,.Q7...,G..GA.`...'..]...5.Ew..l..Kh.|t......{n..E..zd,(...'B.dP.}.Zv..k...(.X.W...rx..B....m
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1828
                                                                                                                                                                      Entropy (8bit):7.8880125319711984
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:ln58oQHeR4fGMyPX1ZYxe35BqYcwVW0WkLG+3HuL6tre:FCbeifGMyPX1ZY035BZcwQ06+3HuL6tq
                                                                                                                                                                      MD5:B0DD68E0E9096BB771482F42D4B49210
                                                                                                                                                                      SHA1:59786656C8A8331D1F413EF4EFE41404097C28D9
                                                                                                                                                                      SHA-256:2A05B8C59322625253DC6795699CC5A341C70BC61B9DD1CF0426D822517FFBE1
                                                                                                                                                                      SHA-512:8F83D80DC19FBB681485FD211565F4585DAEF64C8BD3D67687883C1AC6CE315D55989AFB3D8AA3589A8F6E81BBA93040623AFDE07FEDA9BDAB534255EDC5825B
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:s..R-I...C}....~.9A.T..C7.}j.BJ|.E.*...........S....+.A.sR.1.%.8.:.o.g...g.S:...Md8..'u&.g....<..jWSr..,)z.`y[.7.Oc..<...M..@8..wb.q$X.d..QUs..........p......k........r**...+...r:/....6......A..u..l .......;...-.....u.aM(YY...L.c..j..k..B.,;..X..>O!...0.;.....&.`#<[..V}S./a....#z.U..~.-.J..|..9..8.w.e..D....e=R. .e{Z......."A|.D."Oo...4."8@.&Y..y.].......*..~Z..F .../h.g.|.kb..`.B....%._f.g..C...Z..h..;..`>.P..\l#(S.R.....#..qnO.._5.g.....R.+6..@...E.=nJ..JQ...kFI.....&Q..%s.i...\m.....0..l......&r.d%^....N.,..>)V..>... .%-..|.E.....V.e..(P.Vo...$.,~Y.$]{.5..|..tdW...V^2.GA..R".2J........o1$<.^sR.7...A.q...t..........'>p.\......FR.s.......8...Z..T............."o~..]1:.bC9....*....(..U;.sw.pC.S!.q..n.8#.#.|....3.......?%.8.S&..&..Dz9.8..-.tJ.b{..Kqp..-.$.......Y....1...~x...9.W..'.).;i.\>X..7.Z.Y.4X.....S...8Z.d.B.=b..F....p}.....s.L.....F.,....A".!.]$.h.).a.r...6....Z...c.a..C.....Wr....p".Q].q...0..E..B.2...4...z.<..e>z.Q..4.;.....0.*>
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1273
                                                                                                                                                                      Entropy (8bit):7.844637108297581
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:IfviojcBHoyxcdaJKqCnVnCgbzbx55EbEJAGK2i4yxeLuMAWr/L2NWohkjYIwlo/:Ifv9RGfCVnREcAGK2i4yxCAAqLDIMtre
                                                                                                                                                                      MD5:16960D7C95C3FA0FAA59E8167A0DAB85
                                                                                                                                                                      SHA1:DAD3AD1E1839B4AB13D5DE11353F1123FD1051EA
                                                                                                                                                                      SHA-256:385AB410F748406EEA927E0C9640ECA2A9DEFB1F080C5560B5DE1803908941CA
                                                                                                                                                                      SHA-512:745239C634B1BDF8CBF6662D278560DEEE69200DEA578BBA666A82D4A305A05958964BA7FD365FC7E168958FCB226C0783627F298D380D1591129CCA6F35D029
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.c.wh0.i.w..[R.....OV3.v X.....&......dG/w.](.y.-NCkyF4q9.C.[.Z... .A.......Y|~..dE-42...[.......23t.E...p...6...|...x.....z^.ZW...6....D..{.^...X.G......^.aA?...P..Z;.. .c..H`..p.....g.]b .........Z.....T......<....u..n..`.,..,..c}....G>......\^23..,....nGN...L.v.%d......P..7.H>Q...j1..:..F.....*N..[..m...RM5...19.CVf.*.cP1.5g........JI...........t.8]....3\...l....HC.W(.....$_..J...c..q..z.O..A.H.r.a.0.......X...1C.uH.4$VUo....2eg.*.......J.....5.2.......-..m....8.....+.6...LX....o...G~f..YI..}.s<..w.....>b/!............ . .....\t.=.lO.v?.w...9.t...;8h."~B..wn`F.g.f.....R..s..h...3.!......(.4.:.o.(...K.(..3........o.O..0C.,.@Xl.....zA../..M0U<G....R.w....c...B.1-....X+...(U..a.qW..+.6.....7;@B0...3+|.l..}.....E.c.@^E.Pm..>g..gY2V....M_.8{..d.I0.}.@.N.....3e.....N.eX.7..R..d5~_.......9...E..e ....W...K.L.-...8.:.I..P.t.d.K...t0..c.J%..0.W.I. .4.?.c.\.[s.S....@f...u6[.n...a..4.....`.......,.[+......G.?<aA..._.v......0X.7.........4=.<*..$?..
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:modified
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1272
                                                                                                                                                                      Entropy (8bit):7.835220372679853
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:zcYZK58jTZqsNYsZYCaYv9BhnmAXtaGATFufeoZGb0loSttpVM:zcYFTZq2RmvYnfg5FumosbQtre
                                                                                                                                                                      MD5:C57C0DDF0C26424E3BFB96135DB812E9
                                                                                                                                                                      SHA1:F3EB235A9BB0C3C81B49225F95553ADBA1879627
                                                                                                                                                                      SHA-256:D6716C0D6F54AC0762FB34BCABAC7F80BBF76A89E8A34025FD564AE25167F092
                                                                                                                                                                      SHA-512:95545F67F51F18F6FE1C75794658220073C9CE4C41B29DEE4338E688F43D8F823F83C4779704F2DFCD17636595141A393D3FC0B8A7F72DF0DC516A87B6EC9F0E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:D.y..1H.+y${.l..HR.Ec-*...z:..1>V....s...O.G.*.U.<.3|.@.ll...%.,.\....S..N.>.>.l.3.,..)..[........F...f.s.....m..ro..{Q.7...@..!..>...u....oX};4.w...4..)......../..d.z.).....P..m..-...A.ik.V..U....XH.A]0E%..J..s.....^...g4C.s.d.3.M+t..E.m6...y..22~5.....i...+.M.Q....1.Y...\...z.j..,._"...y1........9....d..}hp..st.diw.9j....5?2..dm..R...7..P...?...78.............5......]-vB..%...K...(.....i.#NwU>.!............G.....2.f..K...O.|...f..'..^I.../w...-t.\g.............Y0{......K..yk...B.+.K....\....3rx_...E.+..Rx...9I.Q..y.E,....Ht.......R.....^.e.9.R..z.......!..@.5..+.(..".._.*[b./]0.......#Ss.,.EE........s..&2J.z.....d."!..O..K>..T..WKV1..o.o:N..f.f..P.\g.!..9...W...z....H[J......>....*..B.E..BV.O.50<....p.......!t.5{^._n..M..O.......CNl.+.;n...%..P..F0...r....{..z9..).....A.....x..9\$.Y@l.f.....!m.....?00D.87..l&*."...h...x.]........k..n.4g......y.>..=....{.......E..i..fw.qG.ER}....;JC...K.._......6...{r..]].{'.b.`......f]*D......DE...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1272
                                                                                                                                                                      Entropy (8bit):7.830578142489097
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:fKWe96ApjOMhsVn8kJ3qJ4pap8ia40HFFxjXbSh7VzYq5q4FDADdcjyDK0MloStq:fKWe96AROqMJaOpapP0lvuh7VzYIq4F8
                                                                                                                                                                      MD5:F92182E828ACA34F8A3835044913CE15
                                                                                                                                                                      SHA1:E5EB1FB685FF2B1164F94B103696FAFB428A2FA4
                                                                                                                                                                      SHA-256:AFF62A9418EF1206C06A8C8AE3A57A29F3E656D0F3158E6348DDA022652B9608
                                                                                                                                                                      SHA-512:36300A1D15CE83962EA9CB1B5543989256F891303A46546E868ABB4B2D2BED75BB5D6F1E0252B1496E391E65DC8B4E758DBBD2F181EC8E002F450E8FDDCF0CDC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..... ._N.$..*k.u...a...5.....jO.......+...|.1.y..>.t..ld.......ze....3#...X..l.zl~...[p.0.f../.S!w...~......2....n.o......q...[..q{az.[...X..f....R...Wpx4..U..w{6&..N.R.....n.B.Ou..S...l.'..(... .....9A.|1....]0p.Qnf....s.Y.iJ.0=u...[V2K......q...b.T."....!..uV.a.(...|..3.@.../....R....C]RB.6...1.<...N.Wa].p\j9...\2..^.....+....}.~......1..H.....4B....;....s.Wo`@2>i.[.*V..j...8..U$....A\fv..t.0.\.....T.8.~.c.....\.............qL`.} .h.._..=M.i*..xr....A..J/".....M...0\'.9......<&3Y.`...?(........t...UD..V.J.o...Ut.bUu.d..?.Q..}.H.....'.-*.._.Uu3rS.[5..J}2( V.\..w.m.u.(.0(1-.K..; ..f....]^].3...!(W...............e.w...0.[.....d.....o.6^..w.*..J..0..H9......;....U..]-..<...b.a....o%....f.........n....xx%z..KW..b6U.....Os....{..X..|).O7ho.b...H.V*..W?.........R].....qm.|..w-;z..7r.....(mg.Yc..DDp..1H..j.3eA....!.....B..YT........._7....k.tkoY....W..G...C9.!.U..T]s.1.....$..K..'.7....}b..Y........\s....]...wn%9.k.j}\1..E.....~.aV......
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1272
                                                                                                                                                                      Entropy (8bit):7.853809995395752
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:zXqb4bp2UQGgbV/NJ6kBslQH5UQ5/DIoWloSttpVM:jVbD2/z6kuQ5sztre
                                                                                                                                                                      MD5:F550E93137C41C046472BCBA6992093D
                                                                                                                                                                      SHA1:24B5B0A31374741443812DD40D098577B79B349F
                                                                                                                                                                      SHA-256:5FC0CE9712D27F241976D4A615CD5B3EE248070F164DAF59CB7E321EBA62F5D9
                                                                                                                                                                      SHA-512:7B050A85B125E5382E034481839FE701A35D1808952B6DD3B9FB9229A6D1106160C77B264D70A7904497E7E93AA739C0AFEEC3A0771FE10C0A6049B6297071DD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:1.....Et.....@.b;..F.f.=..%....T.T...GL.../..8 |....V.|.7......me....J,.%P.$rJRl.W}.#SA....S.F.F#3r..l.....Xo.=.b:x.w.........!mr..."..sj...t..Ad`.y..-.RVc\.*1..z..O...i:...gS]0.[.T.h.f.........{..}.2.K6.8cFz...C.....Z.....qe..U#G?;; 6...Z...5.l.i.sV.....>+~..Ii..!'..@...#.#.&..G."*e.H..............YB...5....<J.......n.uuw|..%..@E..].g...-]....G.l.y............Y..)%.}...{S..H=$.X..n.O..~.5?.0....XZ...IH.(:elI.....Z...B...k...0l.p.i.3..!...t..Ua>....g.j8#.........7......S.).'.6hw....)...s..<...'FB....7E.1MU....o...c5V-s....a`......|.c..e;..D..b..1r..7.Aq'......../....c..{N ..w.bt...H......L.p)..MM...48?..k.?.5.6.....|.;.jQ.L.....d=.3...Zz......7....d...2.Lf:........$..."a.$b.0....e...-~...-.#2 ..f.....S.).).b.'.....v......6._..lb.*...:^...w...,@.#..I.`.Vt........m....Uv............*I|....J.c....qV..Ndo.f6.0....1.SE..P7^/J.....yq.)B.G4#.....e....t...).]..o..._.n.:..`..v_.._...|..j.Zi......R...5_..$.t.2....C.?\:G/.Z..n..T-......X..#.U
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1269
                                                                                                                                                                      Entropy (8bit):7.838809378656794
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:dnrNYyu/2Gsh6KZDW09oBkH9FLUTX4hJLoXrWqwX5yZbnhpXOJ9WUpzaEnloSttw:FrNH9/W0j9FH2i/0sWOzaEptre
                                                                                                                                                                      MD5:55639B587451964B13F7BD6500099AAD
                                                                                                                                                                      SHA1:BE3EED06F1369345479839F46C24072191822C32
                                                                                                                                                                      SHA-256:BEA15920782ED68AB680310F5AAFF4295DB24B26DD5CE5178D54FC84FAA27A9B
                                                                                                                                                                      SHA-512:76E17EC0D6841FEFD3C3B9D19FF2E18AA33706BAE2BA0E088C20891CC5991E233A628239BBB0F4897A7D40809BC0C6B25032C2CE48E3F5DDCDA17647F2F8211D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...i...U,..... uk}....g^F...........{.B..'tL..&.K.w.y.&......._......\.F...7....lI..@...u.."J_.LX.+L.$ap.....y..\....9.j:...?.<......}.HFJ...E.....Q.....',bi.C....1e...Q...=..h..L....|..5.7......@X..v....Qg....y..K...:y=...x.{..z.@`8t[......@..].8.....$j...rQ..+DZ{."cF.k..y..4.A......!S.9...e...h....{.#1.....I..q.uXfp\..UqV..e...DU...wS......Kn+.h|.T.`......5....B&T\k......O...\....`i/..,..a..O:>.Z..&...6..M`....DoFf...6U..N...|P@.....T{7.'.\3..fFe.D...=\63.vGR.|.....*X....3.d.L...M+.....L......M.!...&.Z.qa%...I.&.\.:.d..../....e.r.M.ak._:.f.E..@W.!PH..(.{te...N...w.Y.RzR........u..b..k...>....-....p.#.n...c..l4{6.K.//..~i....S....[m!.B..n2. ...{...........#.....6...g.D.~M..J`...a..G.I....P..1.G&"....c....'..u.6...N..G.Yp.t..:#..fn.a..[B+Y....pQ.^....`.... .z..r....,R^O...x...E..........OV.r.....W....g~(.l.B......e..[..Q.....^=....+..T..&.*.0}.q.g.Q..B..Y...<... ..P....DL0..y..;Y.XjF[G..C.v..h..`.D.y..".*\.(...e#!E.......su..q.O..-..+B..<
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1269
                                                                                                                                                                      Entropy (8bit):7.849957228953998
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Fgs4hQ+8ijRIYgVbQc1eXK8x/WpMjbLQOhAXloSttpVM:WsKMYW9oXK8p2MH1qtre
                                                                                                                                                                      MD5:612EAEF4F71862F686105C7A38377EBC
                                                                                                                                                                      SHA1:57E59A936CA9F8C3C6633C6F0AD7D31D045702D6
                                                                                                                                                                      SHA-256:4B83605D493B33F94E99B89EA83D2A74E7C8F8955606A60CCCEB81504373F4A3
                                                                                                                                                                      SHA-512:98C2FDEE10DA2017020825648C921293660AE7B37EA06C4A6992C9BE0F7F9B2330DD7582D3D726F8F835970222C973F3025F263DD78A458C430C87B5870D4A4B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...;.[...\.I.7BS...L[{...,{...t..........Og7.@..*.e....(K$.{.0m.n....q..)..2.$.@....W..z..t{..1w.N.e...)..R....)_........Z..W.D.-.s.`J..%.Q..}B..x......y.e.R..5_.b...,..b... 6.B.hY_f{.....<..d.r.+Rx..[.OF.;.M..A.......n..j....i./5.a.m..f.N.........A...^..U...W.)...X..].-.J.p....>n!YO.Mi.B.Y5..94z0...!;y..m....5\.....E.b.....K..................,.x.V(&.......or+......@J...?.v@.....o.........h..o...|...(..o."..#Lt%.A.%)QH.Y.yj6.4p........hy...^.Lhz...o/...._x[.]Wd.m.gCt.../....#...X.Jo...e.@$53..._...{y7Ni.z..X.\.I...(Y.I./..j.L...5].Mu./%4...5..cYA.mr...L.x....TO...K...M.!8L1S.pS...<.]....M4.......PK......d"|..7..s.Eh...n....A(C\......{3(.~..Q6.. ...\U......'...FXQ.8+._..t..........Y....P...-..66..}w..:...E.y..2.q..@+I`...J....Fo)..%......=CI..:,..,.... 8...`.V.vwE.t.>QY..../...`h...B&V\]..."R..]...3`.I.X...a.;..8.Q....8EM...=..b....J.pf2.7 .,..i...j..S0$.a<d...C#4..I. X...0..p.....zp...R..p.=...........-._'.T..'...i7...s/.u{.c..Q.B..=....
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1272
                                                                                                                                                                      Entropy (8bit):7.864271841686099
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:EJg4q0ehPwKESwTe93eD0A6TRbTzgXGT5J2s6jj4SbrkHN/reCLGNabvrcQmOnVv:E05DEle9uLUgXGf2sr+kt/ZLGobjLeZ8
                                                                                                                                                                      MD5:FAA3B31515C70716D8E334C1082F020C
                                                                                                                                                                      SHA1:F2165C3263AE0ADDE5A961A4E18E29E86BB549D4
                                                                                                                                                                      SHA-256:501566D134FF7E2AFA6DACD0E4356ADFFF68461737C42DD0568EEC068604BE03
                                                                                                                                                                      SHA-512:93F26236C284EA1684958F6D0F9B0FC35D2FF271682EC3C9C038ABF7C9ADE61D7154A31FADE28D57A3CBB5842433D4B2A54C384F150DBE7FD22CDDFC6CB200AC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:h...1$.........F...W._.aYw...q.U...~....~..$..jRw.*.......9...."+......N.w.F%.&.....c....U...z.f...m...\.....3.&.$..:...62;.....Er7O.+,9.1.U.{!l.k.R..$..;......,|2{.....y...qO..!.W.9 >...@..D..[@.Z....../.O.....d..~."..<....z#.v(;.N.X/=...p....A.B.=..;fH..7r.".V.A..}......i.....d~..Q..l8...D.hd.p...gZ......Ug6....v...,d.Z.. ....g.T.kd4p...'..X..O....i@.zjV. ...^r..._Y.B...\.n.........P.H..\....y<...qp6..wt.........P...8...M.{....1xv7M..+nc.d0......n.......C:.;.(/.3)[..c}:......b.x0.....,.oK..m.....L.H..A.].`.lv....U.f..6.{.#..P....?..3.S..T/k.RT.=J..a....4.*/v.u..F...a..4.`..)Y.A9.+T..-@T....71N.>.D......W..&f.,9.....h...@Y..3...{.z....K.!..A|.!..-..T'.mM.+C.r......](1A.'.6.{6.'t...S.-.....8..x,.vo.......5<?...k.....N.I4.M.q....v./V.EE.SS.7.d..:E(..u.0K.........g..F..}.Z.k.@...?.mxl..'O0E..w...]...N.Zk..z...=e.....T..Y(.p....! ut.x.;...B...........-"N\.6.,_..E.....y...I.a ..].|l...1yO...qn..U`L<P..1..+w..Q..M...Sb.....P...^h.....%....
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\ProgramData\53F6.tmp
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):199168
                                                                                                                                                                      Entropy (8bit):7.996869683427303
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:6144:WlPp+z/4kYxGlPp+z/4kYxGlPp+z/4kYxGJ:OPp6wN+Pp6wN+Pp6wNS
                                                                                                                                                                      MD5:ABF44BE9B930474E3DBBA727CEDFBB0D
                                                                                                                                                                      SHA1:8631CF63F8A5B2F7D882E7970AC2C518B16B9208
                                                                                                                                                                      SHA-256:72DB94EAB4BCBC36C65AD157B300960254DA574923807A177830B18125D8DDB2
                                                                                                                                                                      SHA-512:299775CA6D084219D89986FDCC95E8F8BACBDBA3E4C58E2B30AF811008E8E9AFD0F64DCDC36467181CC8FE49D03DF827C2D61E97E14CB3F1CFDFC9AB43D201EB
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.....r...*..|.*)"...T.?..5....H..mWu..&m.F.;..|..y.%dp..../.$..Z$~.._............6....f..^..9..9.3.-.-.+.wY...`h..:.r..E...H.K.Z.y.....n.Z?.\L...}z8@../....a.3..9....Gc@..W....)...&(.2..OUC.u.yLf.]..9V.%...'X...mEe.v.$.U..Qm@.Y...=yf./.x+.B.G....}".-.S.R.y>..B....s..,3_.w9.04^......q.. <.N...7......d_.;.P.ydV.'B..<./.p...1..-#;0X-..&..d...[..).../..$O)...5.[x...@.;..,...B'.F.P.vZ\..V.SO.........&_.....Wr:.g.C..r....d...fr...O.t4..T...wp.N.^$..Ln.P...v...3....5........z.9V.<..n.......Q.C].....lWQ...Z...... q.`n.*..t..^.;.[K~.\..}.c.h.<.*<...".....>tx.......v.....|...6....yo...5.U.d7.P.?6.&,b...i.....O.Gj...r..s....h.....b..F..uu.lT....d..1ZX..y[.mf....A.I..=...kS..fX.".....AE.....P. ..L.z.x...X..o..8.......i3f.m.C.(......]n|........V.Z.f..3..;..H...F.D: ....G.s"..t.?...Mn.j..s.lr....o.<Cz....#...y.Bx(f.!.S..x. ...A.-..s.t.Q.g.l+6.Yl...!i.=x+..Y......E3.7....Q.7 ..... <o...y.H@B..f.1..+..m..(m.)Lb....q7...J...d=..&$....w-85).#H...k
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1273
                                                                                                                                                                      Entropy (8bit):7.843523742352675
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:ISKm1uElRIm8EVkyhVjKlayf50VWAVLfK/H4Ucd+Dxv7loSttpVM:WoBkg3AK/W4UIAxv9tre
                                                                                                                                                                      MD5:E25DF26F00F1982CC7FD509DC8F3AA1A
                                                                                                                                                                      SHA1:6C051B361707388A6403911E71DAF64FA56B559C
                                                                                                                                                                      SHA-256:06F6CC79CAD21EB9F489F5B0A483B3FF256883C56F9A5C844825B91DF58C07E5
                                                                                                                                                                      SHA-512:8A7B6B8B48AC38CA767C5B5E7A53776F1A18F6237B9BE6FB8E29BDC070EFF2805AE33CAB9369874C0E04153AED32E7161D2875EF76D7164F4F108A5EAB8E75D5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..e...~.g..<(.....hJ..8.J.....@.c.......^vk....g...][...t,....&.q.+.c.2.."..b....I.:..,}...q..(.OL...Rz..........y*.,...7...N.F$..-..'.,...n.H.]....voH.....C.?..#....#.U.4..`.....@1.-E....#S?..]....H..v=?.+=l........UB.y.k?.T.(.4.@.Y.(..#."..i.K.V..R.V.3...j,..+..a~..t.i.....Z...._...x8...#......}`{U...(......&x..B...G.h....oY.G}....xiW}.^0<..T.A.g..M*0C7._H.Y%.........O<.?.....:.n...V... ,...q.k..2.......!O.k.(T.7..D..............%...r.{&...\....%B.<1.....r$.....'..<)..a...#./q...#.?....+.../..%0.F.....j65...}..mm.7....pU.q.;?..d...J...j....u.F-.V....[..A.(k9...S.u?x...n...e......Z.@.....0OU.M.[.9..%...9........s.aZ..K..oB....b....z....6m..f.G....0to....f..........E.m..".K@..&.%..n..D.d..,.6....6..!..Ky..wl.7..{&.hkKO..t.y$...-..pW......G;a..jOv.1....b...,.../..%......b...U.B@.W..@.d'.k.;.\Y.CZ....e..y<.f.^_...(.W.x....v..........h..O....~.%..CM....)+.[.6..(F. 9h.Z..z....8&+...&.K&...ze..Y;...Q+.......e.y{....$......5..T.D...l.6.zt..s...~.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1272
                                                                                                                                                                      Entropy (8bit):7.851157608151963
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:Aumrl82YGSEuA36QAnQNfoG+E6/plYosbzDyuGgKnku557AWZGb+k6XloSttpVM:AnrScd6TifKEUpMbzIcu55EWsb+Ftre
                                                                                                                                                                      MD5:4FE44FECAD659FE92A65681A873D6AE2
                                                                                                                                                                      SHA1:9AAAC1AC41F98434A85C419F3BEF153801E0184A
                                                                                                                                                                      SHA-256:93539534D2767C49883EBE9D418677C26A10842DCE9B3D3AE698E43701661043
                                                                                                                                                                      SHA-512:DC3D5BF9CFE2EAA339AAFE3703AADA835D40EC0B20EDB4DE0D6012B3E074798C0B35400FB0051C72CB636EF45BE98BCFF6CEBDF80BB85336376E5B4BABCE7554
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..S...U.7a=:...Td/T....[H0.5*.+M.e.-SB`...Q0..4..aMb".i.X...."...kF..i.A.^.,(H....}.~...@...t.....Th.{...?...[..........e.....nK....s.V....}Fs.. ....a`.....F.\..$#...l.;.h..d,..M.-.^..M.a..o.E.8A..>.p_.u.a....v+MU.o..&..]WK..@gz..M..j/T.jg.....8...3.\." ..|rz..0@...b.....$?...r6@.!.....p.f......I.Q..p}[q....7......wQ....`...l.....tCA.b...g.H.R..i\....I..*.......5.{i~<k.^..z..drz.M.t.I.[^....[.ZV;.R..ax.`.. ..j..y*=...;..k...i.a.1......)......c.[+0..|.qwVP...T/.#m?H....A.? &K.[.......T..P.b.Ok..a!.......8.M[6.(;[E....'.v..V4...9.x.........\..O.....%.s.c...n..n...a.....m.=.{...XX.....r..-......}..../...e.vV....$,cSU...'.7........i....$Y.........M..c.......e...o.#..*....v.....ON...5.A..g.g.\?.c .S<*k...!&.. ..a...yo..A...'S.8..9...d`.U.KV.....8;Y.......F.}.20.@q....$...a.Z..f.HK...Au.f..........v...4.}i...4.Er..^..3..[&/....u.....3k...'..ytWH.7,...%;.cuX.x[f_.G.:f.R....L....._u........|c.+..r.!D.....a.Zq.u+..."i.|6-CGR.?..6kc.... .j0.,.d...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1272
                                                                                                                                                                      Entropy (8bit):7.83683320595238
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:mFJ2kwDw0W+QOD3shlLunXPtHnlA5bRAviNHrNJpEUV9BDdFRSqjKhJloSttpVM:mjWw0WSD8D+/hWboyxMUV9vVjKh/tre
                                                                                                                                                                      MD5:7CAA877608E978BA0CB9640257E2DB20
                                                                                                                                                                      SHA1:F1C15D2C672B1FD594C9BC29E694C79C0AE04785
                                                                                                                                                                      SHA-256:722E528837E1A5C5FF73B5F6FE2A3C7878E251FF15D00776587B0FD85C6BB386
                                                                                                                                                                      SHA-512:472AAC057DB3960DE12C8404A65F51154E17A587878891C9EA9B83EB9571C9E51B98E4B713BAB7B6FC7CA072D66EEF6E39214979BC914E800B26EF59546E3E16
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.Ye..p.H...;.`H..C.o..Y...bZ...6..S hF../...N....^./.FE.......FV7\L.SL..BN...l..b.p..4.8....\.........U....:.M/.BeQ..m.9KO.R..1>F..p.~..P/....a..sE.A...et..$.~.....N..O.....&.a.U*......$F.C,s..%(I,%..YY...;q.a....?...@.E_.]Y..?......r-.p....Y.h'...G.+.lkF......u.'.!.6....7...?....<.;OBRS.;.......C4..D....9..%.:=^.....mI+...4...^.^9<kDW.............6.kC@.}R..u.......F~....s!w."E.....i...T.B..:.~..v"..f4cB..p....O.a...#"...s=..0.%;k......en!.6n_.z,....;.m...~=y.....v_...h#..LuG.#;Y!...f.b....p.5......R.7am..M..b..WlY..:.'..}5\v....!82...1^..&QEm......f...*J{6g..os.z.1......&.....D..1. .jl..V6.6.-4.OI....M./..'=8...E.,..O.s&...)/..,"...)...,d...B...)e.....0...+.z=.....'.NKT...!.Vg.N..aR..'...?.6.;......GZ~...n.".-.n..ryY...{.W4..B...~.F..Rg2V....r.....@..pE.\..<'........'Q....D.6x.^N...........A.t(.0zO..zX..6...j....R.&.<..%.......]..T.e...........7.:...ne.e..qjy...X..j.(..i.;...oq.".:..F.?.!....#.....F=..`.2V...b].W.6.V.m`...(
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1272
                                                                                                                                                                      Entropy (8bit):7.852330151998379
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:n3NKa+idZVOnnk7gCHbDR1iVWJ81Dk2s17rWsgL1OJV40juZAQYjfDsloSttpVM:n3pOn4PXzi+LrWsVVNiiQYDDYtre
                                                                                                                                                                      MD5:3FEF66F30DA650B3D6C2EEDE44C37399
                                                                                                                                                                      SHA1:B7B4230B5A9677FD0A99AE1D3E99A8499E470EEF
                                                                                                                                                                      SHA-256:EA6EE4F6B8D1B3C02BCDCEA08DA7C2428BA32BC2EF5F237C3022268549A693F7
                                                                                                                                                                      SHA-512:6984F100338D51EF634C6A8F7F75C977CED1BF843DCC4BA5788DBFD2D750D1F39211BB44E8B4519F0C694EDEFCF9FB005975627D6376E86C2B21866BA59836A6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:P.w.?.]..M|u...h}.V........|...w..<.M.)...Xm....}4.U..g..P..y*>.3a........Q.[......u..`....x..4.).R..{..9.~.o..d.u......IY..Q.....F..QT.~.....c..G...oT0..O.>....5...&.y..kz...g.....+..=...W..)N.`.l9..p.TC...=3.-o....$l`...#.*.E.n,D<...:....ZY.......e..nf......UmMw.W]e#.q.B....hy..7.Y.F ....hG.n.........OM.T......).(!.W..&..4..M....5%-~..}.$..7.....[...G.;.:a7...Y.......[._.q......9.P..#[..... ..,=..\Niw..[..)..I?....#e....K.//$.A..2.vC.xs...............n..Ed.>s.R..l..|.u-.u-.......]..N...{.)..n.3.....S.J.\ i....p...B.6.g)"....D=...!d.j...3<..$...i..-..ned..@|~.....%-CM.k..F..../....p..,..\y......#2\U.b....W.vP.}....|.y)..a.`H *\....&.{.9.:.% &......c..O....S!O..'5.*t........q.]%`..C..8..w].^b.Un..c.Ot ..R.%..E..|w]Q..H.d..S..X......H.:%-.l..s.h..t.m..v..I......2k...-.{..j.kUMzt..1+..$..Fz......]....:..\\.........B.]......f....m%/.D.P....}.h.:../..._./&FO.....M3...V.qL.J$"R.Fa..u..Q.fe.|......;.C.........2..)...B.....=|.D..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:DOS executable (COM, 0x8C-variant)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1269
                                                                                                                                                                      Entropy (8bit):7.853711270707094
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:wTxWzyHcf9d91kJkKGMesujQbLf3lvjlxehmeDLXasGJq76raB1QTPczfS0GCJBC:wNaaUd91PKJeHjQbxvji4IasG07eaB18
                                                                                                                                                                      MD5:72D3480B8224C9DE2F50C535197C0072
                                                                                                                                                                      SHA1:8EB15EFA7418070DA0F46F6C1F374C35EAF80EEA
                                                                                                                                                                      SHA-256:71E2412C502898A119669B069C9EC8A966A98DD9928AB072FA330C5577908980
                                                                                                                                                                      SHA-512:F03A79E8DD700C2399458E84B0B7AE5D82CAACE66C1DD0B7772DBD39252BF6AEC82D5D95AF8AD13DFFFC44A59956FFA3E5E6880EB6BE116EDB4766C6B39B3631
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:.......<AQ.....)...x.[k.Z.......>.M..y."...t].G.9.K0.....w..xlXb3...T...........b:.V..f.C.rZ..SzA..t.^..;..;.+;.4...}0....k..v....~.W...W.....#.......15+. .....N..9E'..p...u..f./\l..... .3.....h.?...u.....o.A.....q..K{.......@..27:(I....@b...L....i.].*2...I.*<A..?.. .3@...../..P.......Q.;r..e...A.......bW.S..yP......EX.."...L.R..zo9-97?$'.\.5..;.+..Dh!r.......q.$N..-.f../.........*.(.jj^.R.....a..KV.J..n.......H....2.........U...c-gr.*&!..#..l...Y....#...6..!......&...[.y.>Gj%5..(...4|.T.h..O.....Y...XQ..K]N..0.{...^....#.PA.^....Z{.rH...Yv72.5......Ex.Ib}g. N..+...P.z...E....5..&;(,.P...D..n._.b...|.....(..7.um. .cI.....U..m.jZA......9>c.i..Px)`.Z....M3lh......p:..+.C.Q...G.Zl.V.....p.{@.\t....).c.Q..v.%.....h4..YF.hL..v.{..ZT.....m...@hVyu.U+C...+...\.]....... `..l:...~....Y}#'.AM.....h...IG......l.../.ny.y.A7...Sy]...~..........]....$..NNl.....+..+........./...u.@.+G..|SWO..=Zp...N.2.....'.E..RT.E...q...|.0Ox...FQ.......gz.]@...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1269
                                                                                                                                                                      Entropy (8bit):7.854096044644029
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:RRhXbQB/N3ZsWfZV4Pa7eRIaHHNiIAsxql8zYa43+8dZkloSttpVM:RbbQNFLQ/3kIzgfacjgtre
                                                                                                                                                                      MD5:C82979B78D01D420D0127E14116E4FF4
                                                                                                                                                                      SHA1:9CDAE634455FE921652D27061DD1657A620E048A
                                                                                                                                                                      SHA-256:813A4363DDF4E23B2BF489E8A8FEB1FD38108F87AB4DDD1F345822D69B968A04
                                                                                                                                                                      SHA-512:A374CE409C7F4F0D37E1AE30BBF44E87D75231611B74383B7495E609AB88DB105B9ED99AA69CE616AEE9D3F78D2C80411E4B5D8D42D4B70D4B986659410A6D03
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:'.m{......\.U.|....l."....|a..R/.c../5.,.7|..Y..!....).zR....j...V`......._.!.z..8........h......0...r......cSx..*...Q......%..K..5..0..i..N...j..Xh=.2..I@."2.$.m..M...P.'l...aI(.+A(....O.o..1.#.a.n.5).j4.or..Y..K..s8.l. ...^....".g.H..Fb.F..U.V..(.._..J...bB........y8.5.....P&.r......._(b..'..S...!..0......m#.0.y..|.0......'...y=...j&..:1....-..F..qO.S.rQ......qWV5.C6K.!.?.fe.%[.&O...6.Z.BN5...w.u..U.ML......U..!....n..k..}K.i.u...FN_.@.8..f#G..H....k.A........X.1.n_......=... ..(...h....?Y/k.....>....;.?...7w..&........8.U.\$.c..>o.f.......%.y#x...w....).._{.....;...........H.jE..P.!B..;d..~...ve.:u.A....S.'..~]..._..F+.?..8uB).=......$.........`6b...CF.).~`0..)X...DX...5OV.D.&;.#.Q-.G.Q.p.....q....X...q.,....+......KT0z.u.7..^..B../.F...p.......ii.f!......4.I...2*..<at,...-..t2eZ...K........)...!..l}K ../....>.zO.......Q..ct2.......&%R.PUh...0...y../8..BuM.......g,..{...vY.....`.m.)W...ig....`..m.@.6..?...~....g.PSB..#..C.D.4S...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1272
                                                                                                                                                                      Entropy (8bit):7.859493804715379
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:xcz/AGMW2ONo8C9E+0kyr8rqBqwvEsC8JOU0nZVbqdloSttpVM:azJMWlNZ1nrtDvhQZVbYtre
                                                                                                                                                                      MD5:C6A97EC2CA46277060392BBE6B68CF73
                                                                                                                                                                      SHA1:79DE83321233175FADEC5B211CDE5E6F11D982DB
                                                                                                                                                                      SHA-256:0A7DDE711F2D99634B3951A754194DE43610848E129BA81B609CB060F09C3077
                                                                                                                                                                      SHA-512:71BB1452107F7558A10CBF4DE1D560323A3DF9B0C829D057823E22A7AAA715423979E6BE0794D5ACFB9122E76F32A9EBA3A3AF81659560FBA576008F519E47BA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:W..sJ7.dG..'..,....7....N.t..~........f.*.R....L....U.K...)..=}..9.D.u....^........t..?...B....e.<..E.......k$.2...e..!...]...u.e..]..Q3...rJ...._..f`j..0...S..Y...i..Mm.,?.K...o.O*.z.C.#:..Q...N.DWS.......1..8{.9XI.....3........... ..ji.J-.r..-X.9.{^...y...N..>....QU....0y.].....H.I.V.x...;F.N..d...v*..eU.A..E.;.5...7..a.5.....[...P.z.....8~..nH.UT...iF`H..J.zL.X.J..z<..S..U.&..|G.y.&.S....\h.>/.L......C.I.N..`..k....E>..@......LMb...e.;..$.......G.....X...w..9n.........>.e.8#......."....A...m......#D..vk....P...6yxA>...V.......p=.~^.|.T.g....2......]6.....E([\m....R..D..]r.+NA...s.....>*../.=.....c."..]...N..$]{........X..-...S.G....5^,..D.......JX>.._..NO...0..'..l.X......e....B3`9M..../...)%^...h.,......s.W\L...'....)....Z.ko..J +$....v.Ul.x..0',...g}...s~.=.TE.&.:r.+g..8.K....s.A"O...C....hy.....l..7.L..f:.qhYhQ...8*.<..|..St..|.L..;hT....G..y.>A.|)..&...am....6..........;...W......L.'.d..........@n.w9......S..ZAg...,A.sj}]P.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1274
                                                                                                                                                                      Entropy (8bit):7.854386781087371
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:jYgvDCzACRH7Ulb6l30bseeKxUq6B6HlXDlCrUJVAT+SPlgzU7+Qt1DnwW62loSU:jX7CzHx+bs30b/edq6B6HxEraATlgzUs
                                                                                                                                                                      MD5:EF506F78643767E5B853F7EBEE3B5CCC
                                                                                                                                                                      SHA1:59F1A07D161D7DC992D4E1D8B3E8C2FA523883FE
                                                                                                                                                                      SHA-256:A769F39E4E712EA8C2D96BA43EEE283AB97B8B604DE9E8A758640EB2ED740C2E
                                                                                                                                                                      SHA-512:6490CC1323FCEAB11202A239E62E4B46152A5261440E15A19BCC540286DBEEDA3CAE48D9075A8EA308FC1934CC06B6C11FDB0BFBDEB83F5D331D9F3F7C5C1928
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:*4x.~k......R=.H.,|.....cY..PWg..-.........a...c...&...=I.W...^G9*Y.O.}#YO...h...p....@<..5.$KE..h..EuL...N.8...."G{HP.&......+..^X.....s}U.H...6n..>.T..(...E}#..6(..H.(S...lB.........T!.&..#.f2..jE.\.%...MWd.L........)...pCK......^.....i?...1..2[K#.b.-.-.b.55...C..W....H..x...x...........Z..........6....I.6F..=..CggS~).1..[9..r}-3Z.z.D..1....nMSQ.U2...#v.;3".Z.iH`\h.......{.te..b;..(F..3..*...1R8`g.....+vM..A..'..`.@..}..n:R9.zXZ..hi..3...2sY......zYX....>...N.....i.<*....o-...?.a.7K...@...L..b...D....q.-.M.c...v..sE...+..,J.a/...m......9T....t....p\M9`R%......Des.Q._uK.g+.WS3.y.J....3{.....XT.E....W..=o.Q.....w.._.-sgY.j6.......s........\*.)-.+.v.:u.....$=~..~~.2....(...n...`}....i...p{....te.EA.Cf.q?..R..[.>u.B.jGu.4..y..i...u.C..\.H..#..........~.A.....-..P..gRrv.....V.e..e.\x.y...-l....i.O..F..B....ouv.8?.r..k.....|9.#..f...p"....jyi[.<..-.....#.....{mW.....!.G.T.&mML...p......:....-T....A...W.W.IW........H|.doYM...z_V_`...s.-..[.C..B...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1272
                                                                                                                                                                      Entropy (8bit):7.82554031154175
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:jMAObK4cHkFfVdtFdDMJBsJJKYzDELnv51MLyxxsZGbrHk5xqfloSttpVM:jMAOlB7VdQI6Dv51MLyxGsbgctre
                                                                                                                                                                      MD5:35A2E169EFF9D6DC53F8C3C7E3DD0379
                                                                                                                                                                      SHA1:D349266A5EF4DE011E2439843A2B023561E17E5D
                                                                                                                                                                      SHA-256:54392527D3FA4C4ACFFD425CA62A416905EBB2B5613F8C1A279567068965B673
                                                                                                                                                                      SHA-512:4055F0018578E71F5D0E832C0052711563CF9A08B869A89585C7B8AEC0BA7DED2BD0E55E6B032EDB2FAFEE808B87565546B6EE42E20BE71D368C7E97D44B1BB0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:G...#..0z..(.j.E....T...O....|....T.MU..M.ob.BE...2......c..*...5....9....bs..6.....[R.a3.1r.~..+..h.7ga..!j.9g...Do4.s....6...f...:.....i....l....>..g<...gC.=..!.f&A!.U73.I.6..-....1..k!..[q....@.....G....7..".....!.D.z..m.#[.....f{..E.S...3A.p.I._i...'....3_.G............aO.q%W...".@4..Qc+y`.K..C..E.<.......|..&.;......)j.9. ..G..W$yuZ0.2&...#EM...!.A....o..F.'.. `Q...;...,.R.UP....2.*..N.q...%U"G.g....#.......rit`k.....E..f.....`.[...E.mSJ.. .2...7..T.$..&..y....e.T.....*..),.<..:.+..aV...8...W..,..^.g.O.}..)..jy.03-B~(.X..<H.z.cDx..y..2.i......2.....lw.[a...1..'...&......z.=....x..V.[.....!.6`r...%..~.}O.a,.=....$}.7.=..5Ot...i.^=j|.qo%..kG..+......'......@.u.3C,_d+.3.I$....G.h....EP.%./..B..f.'..U..j....P......i..t.@.t.Y./...2I..4...@-.j.{^O...(..R[..nOB\LM|..r......JcS. ......l......|...f...{....L...(v...z..GT.w\w.t.{.&....`.6......0....`/.}.5+.....C[=..../!...L.f..2CB2....YaxE..S.g....8.-O...tW.U.Nw..4...g..].9M..3'y.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:PGP Secret Sub-key -
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1272
                                                                                                                                                                      Entropy (8bit):7.840299367680533
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:0EFWgy3azzIg1AnQoGCtpv5ZpWiZwYiUauiZ8p/27MVQBf689ploSttpVM:0wW33kIg18vzZzZHinBIQZ6Kftre
                                                                                                                                                                      MD5:AD16EC656B889AB5662B85DB15089763
                                                                                                                                                                      SHA1:02404AFC59A971C3AD6FCA39C3E095C6C6AC914F
                                                                                                                                                                      SHA-256:7DA1E4ED1D218C89B5D18A7B0D30230BD7763AE9CC7F651EAC2DFA3124DB1566
                                                                                                                                                                      SHA-512:5139A6DE8F23E2A35207D78CFA95B9BF7F70040B2948AB77BF98317241A127B967F88CA00B1BAE6B80ABFEE685D3624F935180297DE43E4180341DCF57D7FF64
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..H.b..."lU..*y|........ [...M...a........3...;)...dJ.... ...Gv.31.K.7..\G.J.1../.C.u.Km...r..E..c...q........r&_.).\..59..]G....._9......vq.....LM t.......p.k...4..;...c..Y.[...[q.@1...6..@5.i.7}.FQZ..B..K,h......<h..)v..5.7!.+.!.B..6.6|c....1..k..w..GH-......O..#.Z...Q......$s..}]*A.Dni...Fl..?...=1,(....wd.....n..(}.z...*...)......._..Bhh.t.N2vp>D...W. .T.."...!+N`.lI.F.Oc....%U.t..d./..=|.|...M..>....KNt........W...2...y..z.....HYf-...z.....<..$..0ia.1@i.)....\..:....K;9.........t}5d..v.-qt...z>.W1@7PL..n...>5..=mE..%N.0.......[..s.`..|E......A..TD..\....D\.hC[...`...V!. ..^.{..S....{...O.f.y..!h.....n.w...Y2.P..X......g.....:1..(x..2..h...{.N.3..CJ....Z......y='....3.j.Y............X".L.....J.F...p....|I...s....w!J...Z.....%.@Jvz...$..<2..Y.[..y.....6..tv..../..Lo...0...<_.....-.A.....n.`b....f..Z_A.m.1.f..r...6.........k....J.n)..>$.'..Q...N..`U].S...R.a...A...*.-Cxrv....F...N.3a........^.~i;.z.A........b..f.Bapy....a
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1269
                                                                                                                                                                      Entropy (8bit):7.862461259237977
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:p+0dFU0XzMl0/lvYReKiyqThyKttnv1epnQt3LsVEa9IaObloSttpVM:pTvHJYEgqT8yt98QFsVEa4tre
                                                                                                                                                                      MD5:C711A11846AE13EEDDFF6BAEB72D951D
                                                                                                                                                                      SHA1:6FC7CD2B595080B7FDF8C567DBBC104EE7FE6142
                                                                                                                                                                      SHA-256:6B69430ECADE6BEFF57B959121E44411EFAEB927983F0695515C661D04B41ED8
                                                                                                                                                                      SHA-512:853E7B0CAF97D751224D093FE3110B78DABE88402E3D6BFCA7EBA2AD51D58E2F867FDA6CB1CF9D2146FCA69116095D582D7FC944C5BC3F45E30018D8E084E354
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:$.ct..o.....hE..i.......4R..L.7..D).......Q......".../xk.(\.w........gXL.WI..g............U._..&.....).....R.e..3..~#.*..+<.".M...~?L..+.](...'...n..q.8...{.....Y..e.p>U3.^?.K.6.|..v!..`...s..}...Y.8..{f.F}..Js.HK.E..........DJ.)*I. .mR~I...5*.~a..9Et....#a.2.4..I..\|.i..pr..fg.k..%..E..e...RD...Dg.......S..8.V..Q..E..]2.al. ..zE.5... s.../3.,..d.5...IJ..l.....\]6.#.T..].(..0+.v.. ..e.<s.=...w.O..H.....U.u\'7...!5...B.V...x..B3oV.]..u.mw.l#.l.......a`.B:+$b..MF.,...OxVMaM>O.*.....~..w.s.T.#......O..C>.ab.......@.9.M...F. ....G...*.........5.'H..f....23..@.....5.6..Q4.....88..g.~Z..c.Q. r....AW..W........B.V..K.:......5..{y.L.a.rH.............:.w"!...~.....<.~......".=...X..:{...H.H.,.Q...!{8...a.......Wt=5.Y...e.g_..0..N4.{..s7.X+./<w....x.R../IR..w..h...w..5..r............o..x......{MQ.G..~..$.....`v...n...9l@.oz...6R...>.+_.H.(...`[CyXa@.....5...C...;.7...t.y7...r.B.N.9..Y].[......H~j.....`).z.j.tZN.KB...zr..F..\....+hL...m.AP>.T..C.9
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1274
                                                                                                                                                                      Entropy (8bit):7.847859647000587
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:BZ1YtIFAPlahlWEC/WhJ52LtfUc5Ao8e+KiXEfuWbZ/BnDsC+ymloSttpVM:BZCKFA4KEukimc5AoT1xucZalyetre
                                                                                                                                                                      MD5:FEF5984BEC1EEA3BC388D45BF10E6978
                                                                                                                                                                      SHA1:6FB0B74FC8BBDF1A2AE9F2AF7E4412C051AC9C78
                                                                                                                                                                      SHA-256:E1C5375887776647F19D4141A1281A470E91B76623D30E6C861FB1A81A353BE9
                                                                                                                                                                      SHA-512:3BEEED9EDBE7D33A256560051D7EC702C4D28A3AEFF50E84878B3E019A7F6785EF01C88A5A1E7FEFF749C943F5D13A358175BCE76247FC87804E8A35D211D84E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....{.).n..t#.H..].;3*..^u..p............<`.7...5../F.......[p..H..A..HV...{u7Hw..........ys"..&. ..k.w..w.4..c..%..@c.Ho.s........*..,2]?.7....ix.J/....".RR3l.<u4....1..x5L.}..Y...;..yi.n.[i..>Y.X.S.=.........g.x&....l.\..y.f>|E.8hysYA...%.d...lW.mn.k-W....o..\..MC...2.>..xS#.]..f.p...:."...I.(. &..63C.y.C..g._~..U...$...w.?.d..z7.h.j..e.|...L.M.i...X..k..Q..z&.:.v`rM......Ru....O[..0.o.Ber....8.L......d.|@.5........s.../.....[g'....d|#.......f......'.>.....B.&......[.....Y.....X>..W+.2S..LZI-..,{.K/w:...c..7/.x.._....4.`.0.W..E..7..d...`ANF....$.?......6....`...4.C..{..........p.\3}j/~i._j.......dY.........P.>.2E.J.O.p,g.t.[gd.w.r....Sx...9KW........X.0*H..*.t[...W......O.q...V.r..._..II.Y6.......w..9..Ie.p*...K..5D....)s.Hch....@9Y...=...W.,...3.`.v...T..!.t.o......Q. ....;B0...qV3]..!=(%Fg.......v....."...D.*..X.J.6.V.".....fl...p..bs.!aj.V..1..s8....xy._....6..7G.2..E..5;d..0r....6."....../.}V...B.7|I.~......{...s..].F.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1273
                                                                                                                                                                      Entropy (8bit):7.861134576024235
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:0aIlb79Hx5/X7I54ApETaE76bhQD7NH9AQc3udwO1413HkloSttpVM:0aSP9R5/W4Ad06m7NHE+iO1413Atre
                                                                                                                                                                      MD5:00D3F5676B9B4E3280A7DE50AB9A8CAE
                                                                                                                                                                      SHA1:225F7D95C1CEE5F52092A81D628F35F2762FA504
                                                                                                                                                                      SHA-256:5163AE1BAB84DD35CF037DF6D8EC531DB7581E5194E11969D4D0D98FDF317247
                                                                                                                                                                      SHA-512:46D4EC8230122CEF781E5407EF0A343642B083646B317E960C1BFAEDBDB1F3BDDA70FAAA20131D3282002F4372D6EA41B3B1AEF19E3E589D5E7FE1032161D137
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview: .=.".v...k.r.;P....r].....M..........K.Ct...."$NY.1W..F.....{.....Uk..`...I.*.7sf.j(.I....(...Z......ep.;.0.N...).s.....3.W..".K.<'.%.* )d.......... &3..J.....tQ...%R...ljM.BT......M....."R.:..wW...~....3p.+.%.m.....qP..tQe.p.q3..8..T.e.R..m,.N..e...o..n.C..;...".....h...V...r...........`..N.^....e.89..P.....4}=).............nI..Z...sIn.=A....*QW..z.3`..\.....$.2....~3.}.I....:4.M.p_.4B.....3...HV.......a....xjf..;.$\./(..J..........a.(3.,..O.9].).]....)O2x.......~..u....H..O.h....K.h..._.-.s.-...!/N...v.^V.....#.#p6...r...5O.........;..qEw.p.ly......T...?.P......P....z{d....8.0\....b.nRA...'3...l;HD..HG;...>.vInT..4 .+....i...>.S..L..X>..xi1.r..t....C.P_TD..m..y_)....j....>e.....4.. ..G$.3.P....z.......m...m.@.....!&....o-1..O_.....f..$&#/ +..`...-o.....M....G....f.....h..0r?1|[....m.u.....[.~......a.(...U.;........b...H.WZ......RAW3..n..Td..&..Y*.n........>eu......`Ac.o..e.gx...kDJ..Y.|......('.G._jV.\.4.c.q..\@I.....a-...`..!G.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:PGP Secret Sub-key -
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1270
                                                                                                                                                                      Entropy (8bit):7.8488803370326545
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:8Byuet65UBn1cGV/9+cEVRpWiCzkqfiRQgUOloSttpVM:Cyui3BnGkgccRYlwHRQgU2tre
                                                                                                                                                                      MD5:CD1AC590C6EFE9AF397C04A8010C5AA2
                                                                                                                                                                      SHA1:3910B8F22D07D17FCA1879E412DF529691B8189F
                                                                                                                                                                      SHA-256:E378ECA529F1F6DDF1734F6116861AF07486165782D14951124DCC9B7891C532
                                                                                                                                                                      SHA-512:BDCF6B9F18F612A9541BCB06FAEDF24EF9E1EDE12807D0A99612AB035AB339E4716E3BDB5A31F993F59E7DD7A43D8887577563A93C16E9692BD42B7D521984CB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..K.N:2.T...7?^.c..t..&.)6..w.#.V#.../....2.<.Q...B.T.vEn....;7...k.a~>...`.Z....x.>...REdV..Jt'3.^_Q.7_......{....EQX.....f;..._$e.0G7.....].M.^6.<"....7.}........#......0...^..G..;Eu...QL..F...Cl.[&a-a...r:'..%...h...\.skyx.R....*.6..A.I,>..h.b..b...<?.9.(..[.}f....q;%....`.B...W}k...7/.AM$a.8R#..1....u...D9........_@:..4..f.q.'."......,...c...y.n&C..?S.n...z=......Y.m.^v....2NB.}..]c.Q....-....Nq>.L...[....m..&....*....WM.5...V.%EF6..a=....YB...=m7C.W.h.x.........:H..[K...@H....~.....Av.A...r!....x!./1....=..J..Wuq..Z.W...w....8.........v.H...F@.\.......*AJ...{.@....I" .....cI.w.`Nt'.9{.mq...)U...B1.wq..:.}.U.".........* ....\.O....5i.....^a......N.r.+......M.Gd..........,(...^........`K...T^...m.+s.8A..j..........9.......y..D.z.@..`......Qy...3.B.>@..~..T%.g..[&<boAPZ+..Z:.$..+R.=....^.\..8|.|.."-.......g...(.-.Tv.....F9M$...)x.P.T.+.(..>GK.=.'..e......U.!...D.3.....?._.......H6}.W*.....IU.i.Pj.?.. .Js.D.[...W..v`......=..T....5..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1274
                                                                                                                                                                      Entropy (8bit):7.831295173005915
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:JcIDSa0eKAZR5ekC4RGQWW2H4LV1ijA0oVfrReTmr2iGaD7loSttpVM:JfTekXNJ5kjr+VeToHBtre
                                                                                                                                                                      MD5:C3901430270A27A03543306753DFD2B1
                                                                                                                                                                      SHA1:E7ECDCF96461FB6996F4A61B85489225339CC58D
                                                                                                                                                                      SHA-256:87A80A3E1A0AE2BCF6365D1973705F089A24A8F3714D8B50A423AA8C86D4D0D9
                                                                                                                                                                      SHA-512:36A97901951582502E1F09859D6D817DEC2F59FECA6FF920E75B155A3A709BC820117C0DB5FAFAC061B503D728D7A0BE87803A5732B034190054FBDA5961E82C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..w..a:..u(.......h..5f.............1)...YCx......v...].od~m..c..i...d.x...H.SLo........l...H..........k..b.W"....K...St.9Z.A+.......J......[...n:7.8..he1...|wA.33V.......Q..c...^.}.XU.....Q...<..V....V$c.....R.../..N.....g(IQ...q.L.2....*vR.`.r........It...../...K....T..q.8]v..j>....KW..:......q9..`...<...w.;..!,;...e..X}el|\) ...`F...h.......N66ZY/....NC..|.-t..+..e.!._m...,4.....N.e.u7.....$.....6.........t.'.i.....{b........u.....6.6.(j....O0..H..&Q.i...*.3.z{J.-.w2\..J...:p`..dJqm.L....2..<......G.Zq`...#...;..Qo.H....4......%..k..V{.d..g.UxF....#.<.rv....{.....+:....6M\Y.`..K..[...7]vp.`...............R....A.2..\/...!J....L...'#...Hb.Gnt.:`f.*......._.U..5o&)TA.....8..=..1.r.i5.Y7+}o...)..I.'........okg.U.k.....P.xJU.`g.i.|Ny..k.R..D....s..urLE.E9.....JG.s[.D(SmY.y].sj.....U..l.w.\......(.t...C.gf..sd!..Z..Xg...F.$..v.y.M.../R.<..=.........AL........p&W%.......Sd+...m....1~c.....X...o.3..k4Ow....\.....^O../.4{...y.A.QHv....7..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1273
                                                                                                                                                                      Entropy (8bit):7.847658198109005
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:oaXaWH92LmRsQLr2BxM8pm7Q3JefRc4U1hjwebYk4KojloSttpVM:ouPULCsVBxE7Q3gfRcthPsrntre
                                                                                                                                                                      MD5:DC95AB20E75063AB7B5023726ABD8BAD
                                                                                                                                                                      SHA1:EA936899EFBD456512FC606AE4E27D70D28BCA10
                                                                                                                                                                      SHA-256:94B8883A1160A947CD7730F03D07F4525581E3AAD915FFCB023038BC96A49709
                                                                                                                                                                      SHA-512:EF069FF21D09B550FC026AB7926F571D8963069AEB34887A2B48460948911ADFDA1DF262613B08B33160603C72A0B43B2D4341224A6DA145064B33EA56064200
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:})....].^.:.......YSe......./.W..q)~......J'.}.}.....:......?bz)..z..v......M.B..G......[..t..H.ny....s{@e..%8..>^n.M.oL.F...H%....:..X..ca_V.pj$..:..~.%.e...s.i.......(<l..p...F)<...8bqa.....=..:\........V....Ol....zY..A.%.h..tY_.......-..x.b~.........*........N./.W.0.0.T..z.m......iy.....>.....`.3..........%.....i../..4..`...{..'`..G. ...^Mq..y...hj(...yRU^.*<.5.#X3..8......NP0O.8...0..g19d...2.TgZle\.x="5I.k.:..:.@......{X....r.<w.e..Z...i'nL.H;..m....0........M..`k].......n.T{v.......N..h...XHU.........kE..7,.d.i;..M..2.....v"...-.H.=.Eg.u.ldE;..,.).5...8/...{?F.o.a....p....A...z.b...z.......O.......k...VGw...|....WJ...>.~.<..8.......>....>.?K..W.5.]..~E...N..a.0..s....4..*.^.@.....Q.j .....Q.L[....*..Hp...B..a.hwl..]..".[..........qB....\:E.i....<..y.8E64;.U=.0..[c....[.m.T......`..u..,...[.C....;w.....\........`.........E\.1.E..v..4S_.".5.QOX........(...!..a.W..]+X"..4....$....nP.Q.O.m.....<..I_-4.1.n....;d...#aaq+...{.....d..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1273
                                                                                                                                                                      Entropy (8bit):7.844176404419942
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:2wBPmXLp5OKJs9pO1pGT8SMxkvcecuVks0ecpvsr/eYEGoGBPMrNSNloSttpVM:jOzOms9popEzcjAt0ecpweYZoGBiSDtq
                                                                                                                                                                      MD5:FAE8F3DBA1CEE9A9BD5216D19F352A91
                                                                                                                                                                      SHA1:A2AE7CC9EAAE5A0DD2A991555DCD595396F7C64C
                                                                                                                                                                      SHA-256:416F87C96C425CD3898B250B6D6B854198D7A6B2D4B73AA9A87A7704B2CA253F
                                                                                                                                                                      SHA-512:B4DD467BDDF184BCC5792A01E78ECEC216310B484A0A8431244AA33DEA5AA079D202132FB133D5762879C8AB0A428A622646C69F28D2153E765A93A97774FE64
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.zU..sa...,L0.....0..h(..F...=>e.2.g.3q`.$$.... :..[...._6_.!.C...5m.._.o|.$K-j;#...O..K2......AOt....u............R.fm..w.uIe.w.|.H ..4T.m..&Ot{Aj..f.[9B?......!.\...f!.V..6....$@.(Z.Q.j....)..T.E.....T.v.......$O....U,..Qk...'..P.A!.v.u].;...x.(.u.`Jl'O.P..@q.."....o.0.......fe.eH.(Qw'....C..=.%........i..XF..{a:.A~........2(q.6..*.........I...$..^.^%..i..3.]...I.F........C.[.3j!.....fy"..= 7.o.v......&...4..:....EK.sx...P:+....x.).G..:#...{.E.7...p..I.Z.}?.wg.v;z..I....v.R.E$....cW.;&..(...T:.p...]z6c./.I.....b.._.c.......>...=..c..%.7c.....^<1.@^d.sL......#...\.aS..m.....?..3.E.F.....N"-.&.0u..@ue...._.g...b@...0..O..R..^...:;.ue.dk....g4$E..X......C.`.....w..p........l..P....#..w.(O..Y.{rz..%..}u......&.H.5...%."....l......C..-u..jXVcT"...A.o.~..4.4>#;Z...R.../.y..8;3|. 2KJ...i.`...^F.~.....$...\...>.....e!..j..=..5.UZK....BV..X...'}......... .% ....&..[....Q./...E.. .[..}B..f.$..$...4g.....Xq...-y.,...6(....GW..%.....+r...(....4a...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1272
                                                                                                                                                                      Entropy (8bit):7.842601448329007
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:NABaZGsFBI/+KCxHhF0Uh4d+RVsxWJoCyG9KBCA8ZucjFpo9GfEk3fjjU3bloStq:qBXN2Bx2xGylZKXomFfjatre
                                                                                                                                                                      MD5:F6D9921866E2A45CD96FDBEF2DF85430
                                                                                                                                                                      SHA1:FCC7C75B815A7B3CC573A08B75E6849F68761DC1
                                                                                                                                                                      SHA-256:817890A6CCDCDDB99129559E829B794A0DC4A542C8C909280B345D06D9ADF04B
                                                                                                                                                                      SHA-512:9F9617E2F0551427718AA5FA32542DA84F6EBB7D71D711B5E57072AB24E9ED7266E288785A1DAA1D335DEF0409D9B0E8D2235AAE9D5FC595BB5CF2619CE0F977
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:?z..-:wi^..<..\.....G.?........w..U....t..........y&.......Gc.=...]...{1Q#F..%.^U...@.p#Wtp.[..u1..] ..EGw8.x..K..,'N%d.V*rm.%.......Hg.`....^..2-...5%. ..o.j\0..m.i..o...#J.y/0U....@.n.L...D.Yf......b.Z..+T{.6my\....<+yZ...a.}......1MuM9.j<........q-"V&....J.Z..h.R..CoE.`xR...... e.s..7....._l..... I.P..f.(.Vri.J....(..k.a.0......4g.8..C~..Q..m..S.G._F....+.....1.W.&..\~..uy...w.7.0.5.P.C.01i.x.J..S=d..x.h.3(k...........I.U.CB.....t.1v8W.._gN.L.>..}a1..#.7G....D.a[U[Q.3O......].n.6_.},H..={n..... M....~(R..@...a.x.s........#.][.9.......Y...I......&.<(<....^.:...wQ$.%r..K...w..@.s....yB..9..L.L.c....9..t.L.U.4'.7...6........b.&..v.#.i........N....e.a.sO.^.%.......U...]...l.-.....&.l$....Hd.<.[..w..[s...@..P..,.2h.....-:.*+.x......M..AG......8....huE.Q......_....D.Z.....Yb\8_..........p...(.I..!..A.......pw.......1.m.G..L...%s.L..@...~...^o..^.&/H~...|.M..H6..dX..A..:.D......B+...+...uQC.L..%6....6t..BK,."D.E8..-..../.*M..9..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1269
                                                                                                                                                                      Entropy (8bit):7.862565203294846
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:wlZD8vP1TZBV1B+q28rIjiDGkJrDxzJdho/SSNqiQx2pbNQzUwloSttpVM:QZD8prVHnZykBDxVL+zql6xQzxtre
                                                                                                                                                                      MD5:7BB08E7ACDB6DBC3B14A4464BE59E20A
                                                                                                                                                                      SHA1:BC5656DE903F7D1CF0AC195BD34A56825B69DCB1
                                                                                                                                                                      SHA-256:AA30DEF360B87AE488799F2474F38825642F4563EA32B425673E2C7773B3992B
                                                                                                                                                                      SHA-512:A128FB935F66314247FA106F53E3EAE7EC85269C60E26ECA971B0EEF219B8763FDA0791F92B0DEEC637EF3F8854D949860EB7C0BCD96560A348B0FA3B8BB0A8D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....@.B..!..~......t_......=.uN..r..wt....P;ks...[q.........4.\........../.-..C.x.vW..uD.....z....;..o..5.Y0.................p..O.c...9..N...*...;....N!.D...M`*cL..;G...9...W......L...5....qI.p.}U...QL........lru.f60...HUW..GY.]..}?..#q..].Z!....@.......W.-...).ZV.;E..*.....Jx.=e!(..)..b4..J..5m..).-":1@..(:.M.G..1.h......_.O...).O...tA.4...z....h.h.hvl....w.....}MNxW..........>.7.]...&...~B.......hO.P0>w.G..9D.b.6.`?l..........+|.o.k..^..P.....6..;.%..>.....b.9.b....]x....j..../`.!\1.........vI.3.FT.......b.@....;...*....F.7....J....Y8.e.=.n8.Rj.BT........E..S( |a. S....p.(P..-F..0d5..5.s@....G_..rF.m?].&.p.EX....Tu...&.2...<....',f.K.....a....))..G.}D$.RENh._%J..8,[q...N..h.5F...\."G...^0.v.D.p.S.=.U..5...{..b.....R.)?.7.go.En].'.......4.J.S........<N.x.>..t...f]3.J.@[....D.?.@u...Z.L.....GT.].8.A.%...i(..@T%>.o..#j.....s...N.. +0...Yr..;......7K.a}.......I.@y.2...:.Z....Q......~.\..X..P.x?.yE%I....1..b..;q.T.....nE......H.'#..=..5....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1272
                                                                                                                                                                      Entropy (8bit):7.850812906266724
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:ulI7rPEaiM8baef5v2iDm5Lzb4VOvLW38I5cP11Z7CDjTZVbwloSttpVM:ulI7rsaiTZfND+LzEovPRCbZVbMtre
                                                                                                                                                                      MD5:D1ACC627245881CCB227CAB1505C5E1B
                                                                                                                                                                      SHA1:DEAB3674B425E0785C1E9ECF43251ECD2B988252
                                                                                                                                                                      SHA-256:B104C3EDB8B4F4988EDB5E3F21BFDA410683E80D9D821CB570E5095DCBFAB15F
                                                                                                                                                                      SHA-512:77958418EEB33ADEEBAA222BD66E20F780DF9C5E7F4E708E8662A028FF49B5F8055CD04FC80AE41DFA6047009C6209B63153221F7C72A8994A73AC1563752767
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.V..#..z......P...+.DP\...D.*!...6.-.n.....l..V..e..zcq.>A..........s...C.xle+).......d...S.. >w.o.V].h.".../Jr._.."..W..c.... ..e..\).Kp.....:.V.G....i..E'9.hI.6./.}..7f....uaH..9...}P.:`..8...%^%.. Gu.1......2>..r.F.r/A.b...P..Fg.......T.V.7..!7...fV..x....}....L..,.....vjY]"..G.'3....v....;y.i=......S<...H8].........0(...D.:D&H........BW4..>b.....&.....u.+.)........f.g....k......:.Z..v...g..^.~....j..h.5.....)..........! \...j..&...9.c..4D ...+A`=Tx..E...n9..F.%..a.......J~..{.2..QI.My..2.)...>.k.......V..G...E...Q.;...M.*.>T.....G.r.H..w86q"....N.x..>..3...6.c...%....!.NY..(...]..0;.]...{.f..`..D.+...ES+.z_.R5..~N.....'TB. ..d. ....:...V.|.L.S.....0.....S..&|...V....A.B..A..S}e.....I.7..R...#$..R...@..VP..x...U........sm{<.k..g,..9.,.k.....=S.......;.F.....~.....D..O..rIGg.XDp.zZ...e..._..'.6`..o.2....o.].V.R#.{.....`.a.e.y....IO.........H..n..x..w......I.D...u.K.j.* .e...P.<.!..U..z.N..%.s.>.F....@.C\....KiQwzU..u......
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1274
                                                                                                                                                                      Entropy (8bit):7.831836907949763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:ph0iZOxe1pUTGb3NARNUt/fw0zwH0kdAwsAQH89MzHIgHomloSttpVM:zsGb3NARaVBkUeAD8e9oetre
                                                                                                                                                                      MD5:C99A828C9B2C513348B6DC0A3A2EBB14
                                                                                                                                                                      SHA1:4999A741D35B661131EA7C56FDFAE8919E5A1547
                                                                                                                                                                      SHA-256:A20BD98BD5E382CFE6CB091203F70A72A2E8BDA1E96846318F1658C45CF27909
                                                                                                                                                                      SHA-512:103CEFFDA50D54938D565C040AAB666EC84830900B115B584B2821DE8438BBB8D450E1360608838243B93A9BCAFCB36A7EDA7A4FD6F309044B5E7012A3D0063D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:t.a.._E.74.SN.1.ktO....~..X..B&....6.x.O..%..]...A.5....8..%s;n.q...e.P...!.\..lM..On.g..]......7. ........."V.UK&<....&....GZ..6....].}...?[SC ...B..X .....".......>.\*.z.X....vK,..~.=.u.9..=..h.....A.@.C.D*.($......@S.(..+k3.wNl..r. ..r..1.|..!..hr.B....$.R.b.....(..i.....T...F.X..H.z..M!....yIX.$.T..+m......A.....=...o.+........B..N9Br...}...1..c..g..........C.....7'.:.L...y&..KI_..z........yk9..2...6;+.y..D....^.3'[ ..67......j.`'..z.)..e.YM..,?..6!...Xbp[...g.\....-...j..S...;.8...+....&n.....bj....xo.R..v.....PJK.V..0.m9....$./7...9Vq96SG.-..8...!Lv,b8"\.........&..B..W..]U.?.Op...fGi.j.........o...p.q.'.b.2.#.Qf.o.~.l.....0.".:.&h.t....@........>_....AW{.b.....oq.^..GZ0_...7..m..sV..A..}.\.O..A.)....%X....7...0dN.l.Z..&n.Z.H,.!>.... ....)m....g.j.<..G..F.....ku#...U..5...N......Vq+... .....3. o.l<...p29bRMwn.{...@.1...lzK..E\,.D.]y.4...._<.3*.. .@f.f.b....}.......S.....0._..U.4..[..f......T.....q..i#.hWL.p..H.t.9]fa.M.D....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1273
                                                                                                                                                                      Entropy (8bit):7.842154102054643
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:OuLgVxM4keqvitFDAS1dec0iWBZrMR+SIxvrQVCGv60BqtYFuk9lloSttpVM:OAgVeZeqvitFDAa0iUrMR/I9QVCGvdbq
                                                                                                                                                                      MD5:CB3AA919D32733010EC86777B4812143
                                                                                                                                                                      SHA1:19F1BA59FF9713C38B34C7B55EE012F69AEDA16D
                                                                                                                                                                      SHA-256:6EE9E1CA23A07546C15ADB0AEAE52559196D412CE7F5BE59AD7B43A8B6C6F46D
                                                                                                                                                                      SHA-512:3F26B47F370B28E3AA54464EA07A0EE26B25372BE342E30FA43B6AE42BE2391727D6A396A6317C9F8BAF746AB15A187040F7CE3FC49670473D24D600D35F3E2F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:......ro....F.....+!5...M..xQ.+...1R....^..G""z...b.......D..1.idb.....@.E.....l).)...!.......ea.....w.~.t...HV&{.G..=<Dn.....]..4rA.....A....{...'.QY....'j..hd...X...T......g..l...."#j."#...].`.{...e...E..jT.......sr+....)..[...........$`&N....G.Y.o...G:.}.M0q.....{.j.e#q@.|=.-c.r...jz~W.H..J"y.....w..W.s]l.d......Q..)f...hq.S...W.p....xk.c..bd.2.......}_.N\H..6|ay\...p.2..@d.(.......*x.j.f....c......86............X......-.]....#....^...._.ewf"o+.u.K.K.*...d.2."E...~.)...\dj..s..l....WK.[H.:.c...@....m.YU+>...c....E..A.f..T....S..Y.3*.~..SCp.]. i..#O.M.dv..........T#..%.,.]...y[X.M.E.3G7t'.&T.`...Y........8HJ..j...H_@...E.v.A7[q$r....../...........V...;-....]8..^..GG...-:...-.{...^mf.#..VG.[..o./...z.q...H{.2.'.vYXx.rK........`r..7...p...<.K.6..!..Jx2..H.!....m.!]..Il..x.(O.]lY.(.......1.s3..6...Q..."..@.LA..7. ..&....=x,^..22.{...#...?r.%...!3..`......C..>.....k0n.`.(...v.}c..B-.5.....8..:..7.4\E.... ....)B[Z.j....PS&.|sQ .....'".+`G...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1270
                                                                                                                                                                      Entropy (8bit):7.848679139693396
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:UNJY2TvtDtO73kOMrGaRrZ+lCsXelcIzyQy935egqMPGSujLfiR3loSttpVM:UNJYetD+3kOM5sJnd9JeRMpRRZtre
                                                                                                                                                                      MD5:A3FFF8C129A9A69CAB87F3D3190B21D4
                                                                                                                                                                      SHA1:F3684840F005AC5BE91112B3F09C1029FA014AC3
                                                                                                                                                                      SHA-256:C224E6FD0C3BE6C275DEE775A2D092FB59AEC71D5CD39BAFEED0C68BA28FAFC5
                                                                                                                                                                      SHA-512:88FDF26A9CCC8C43993DD7FEB8CFF3CEF32C715FB4039B17D4211F4D9245AD67DB0E0F820833EABF4FB241134CA145504651D934AC44EB3D1219C9E58EA95B8D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.M/.{....*+jw.......**)....L........m.....<...Y1...JP..\.c[...U..I.;.........`.d...]...v..`?u!...C.Opl.....T...QS.."v......~.#T..J.o...j...h..qd..|..dE.D.........;p..a.n.=D.Ko..8.......JKF-.2'..d..2-Nv..zA....1.(...(.x|%..9...g...(.k....W.Y...-.......s..Mrn.?..\|").p.....p.h....to.1a........I......C.Rp...lo...H..V!+.v t.5.....:..&..;k!.'*.q2..[...9!\`fTl{.1.Nk[C..z....%:{....G.>....a......'..r....?S...f.<`..+v...T.EY.....FWaY.M...:......)..W.9.}...K..5........o...I...@."...e...aex...)..%.{O..........Pe..{.3H..gi.i@....[;BE...\%.1........^...k.T....K..3..xm...;....!..w...o.Q.WuT.2......D..o3..L..g.q.-8Q....r...j.Rw.a..).GV.l.X9t....U....8rnQ-..U...Cn...RI.n...`x9.....98..i.1...De\.|u...`.Y[.vW.[.M..i.e...$.0-.E....W..;x..}.L...;.{.]..ji.JH.'...Xh.#.....sV^X.G.c.w.......t.Q.M. E........,6a.[.B..h`.`;..r.TEY...?'..o.......3.._.@*...sI.W.H.W._O......:R^.Wu2hf@].d..[.-.\...\4+.o.........W.T.....9....@l..s..D...A#V ....p$!99L..s.@.%Djy{N
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1273
                                                                                                                                                                      Entropy (8bit):7.852406914497228
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:i/CJGhhH9swj0UhDrq1U8jcoWlSMpjoR/h9RiafFFXeloSttpVM:VkbC+0UhDrhSH+cJ9htVmtre
                                                                                                                                                                      MD5:A33030EFF55136A18A84019013629168
                                                                                                                                                                      SHA1:241DA7980FF67B3A9EE56842F99AD08F59561DE4
                                                                                                                                                                      SHA-256:9D77ECCA7F4FD2699357C21435042B7A86C6C1E7F4F25B3CDF2FC50985B974F6
                                                                                                                                                                      SHA-512:35BF1E5E95DEBEEC2A1D8FDABD35B84DB624FA2D04690C327C8686201C029E85C6617581532AD1464F232A963921384180B10489F914D65D1BB66464A277CB79
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:mq..~...a.q.....R`&h<.^3eFd..... .+....L..YD...(..Hv.z.........}....f.u...[.=4.y3e&....OP...-...Z&7.d..me ..i..G...W&........0.A*.........[8...Ny^.x..E......:k7T..L../.Q..9.l}.Kr.-'.........f%%O..kT...T....>...q..T..f.2.y.....6........5...s.N..)..H6:~r.c.Z..:... ..w........(J....6.h...{M'1q. .U..U.d..n.i.......:....dq.*)....?......(.....+.XG....o...t.+.sx!.4...~...3X.K......tAw.o.W.F...i..).kK..4...</.M$4.=>E....%G.....f..vG0..A.||xa.....+..W....FYR.V...2.X~-s..@..Q...C.b./.:..M||-c]....=k.@/.%...\U.......vhj..........s@.Qa1.k.YV.j.a{....p....."<<6..+.......G5`D...WP=.z^.E.b8w.z.r.....6.......g!Y.2.f..p?d.f#]IJy..5.... M.o.+..%n{%.g@L.OqM(...;.D.. *.v.xU1.;.T....n...-MI!.......}tm..a..._.......!...>|G"..../YB.N..F<.*..X...W.&y&..O.&..Q....T.a.M.*&..#q :.R.U..`>.4J.P3<U."....... .m......7.3?.....N1b.2.r...B..C<....`4..'..U..O..r....&OX...|...!....i.....]...,.]......*...~....1.6.d..P0|W... ].Q.b.\{<.....*....7.;.n.*.0.2.Z....v.......f.....
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1273
                                                                                                                                                                      Entropy (8bit):7.836076289046407
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:KbXsj7rwCbh/CTlrFBDEOYSv8YCG10iUjSKAQMRhp6HvUS5jircloSttpVM:KcYCbAJBRv8YFK5SKA/v0HvUuirotre
                                                                                                                                                                      MD5:BEAE055254DB4B657EB280C32B6F50A0
                                                                                                                                                                      SHA1:835F338D8DE50F21E324B62B82154C26C22A0292
                                                                                                                                                                      SHA-256:328FA0A2650550E878F5A513FF062DC2ADBEA8D3C7564D5311A1C5C72691A237
                                                                                                                                                                      SHA-512:709573D872A4C29779A85859A3D3DA6FED5DE0C8FFC26B91847471966FA82A77383B4BBE7B9199ABACE0AAD79A216AB7DEA70CAC00C06F97FE204729156D9685
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.#...T..Q.vHcr..a_Q....E...x.....a.J...Q.....x.............r.,G.>....m............... .......$.......D......._..>...3....)...C.%...h|.CzI.w.....}.}.=ZYXmZz.7.STl.....6..V...q.O....x.Hp..2..zEO8!.?..i............^........+.FX..%r._S..H?......u.H....j.IR.....[4@...2.}....G...y.....e...b...}...V.*....qQ..G.U....@./..!.,..M.D......6....]..2&... ...@.2...A.e.$..{/.D....xkDZ#O.2.!q..h.j...".>FT.c.$..:...eF.;..a.2..EF..B...E...J.UMpt....".....oc..&l._..*2.u.s.r..V.'p..}.3.X.Y.S0...........|..U,YU...]!V..c8h.g3.rfn..3.yo..........8.....V.H.k....zFF`.\.^..i...7.". W{..b.......{.....OA....t.R..!..i@F.=P.2..1.....lL.k......[=..`.!h(..........R./....+.e.s..i.Fv].V?e...!.N+.a"..q-,..'.3}..^"}......_..)T.e./..XOMR.."k....,}_.=....^.a.*m.`.^..G.g.....83..{...*.P"r`.|TY.:.s@V. .?Ww.: ......3~.%^cj......_h.x=..FL..#..;..H.m]..E. `.*../,....P%.8.R.\^B...( i.F.a.7.D,..Cq...uM..CN*..wD....kOp.}.Q..1...+X.0EX5..X%..*l.$.m.X....c3..\.v.).R'-.........{\...\.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1272
                                                                                                                                                                      Entropy (8bit):7.8554486694112065
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:lENtYzR3A/FdZh85vuOZmRVVe2tzrTS3sO2h20j1RREjJd4asa3x4PmZGbLYL7aL:E/FdZkudhS3sxKJd4adlsbMECtre
                                                                                                                                                                      MD5:FF61AF411C71EECEBA1B17EB80101A74
                                                                                                                                                                      SHA1:0050C7BA15C8FDF96EAB29F08D930FD091E5646E
                                                                                                                                                                      SHA-256:240D74139F7A5BCFEE9ADDB3F44EA085C5C58396EC64296221C378F335BEDBC0
                                                                                                                                                                      SHA-512:B7AE270B79D2C9B8C2357315FE155807812EF0E73323C86C97F611993E6C16818475ABA890A824627AFF472FAD111B5AEE470E04DD24A79EE4E10408F286C732
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:^"X&A...C..[.9.J..pf...o...R#).%:+......Zx....Sa....o......[.e......._...s......J...w.o%WC.|.;P].e..5...L...Mo..$....Va.9.n....ei.Oe...IYf.3..P8d..b.V.dV..6M:&:.....D.^.,S.t....J..6....y..:....$.`D?4..6..$......P.6..o...r(:..O....u.H....6.0...'t&.G7...Xh.=.(.."..r....<.^N......I......R..UB......=+.....{....[2...*....s......A.b..H....$_&.4..%.Jod...~..!..Q2..6..m.~..].9].eg].]...'.SZ....;}FN.y.qb...TuV.N3..R...kvQJ....:3K!4l.s +.l..M]S.5......y\..O.X .....j.$..fpH..t.....7...u$..50q9=...Z.v..j...cm.J.#.....A..2.aS....[..8.$..fIb:.u....WR4...Ec\...Am.......l"....>._.....{.y....IS.L......I.Z....m.zUN...Q.D-....zQ.....f......4....b.R...../.~......d.6*d.G...IWp.+.L..b.znqw...[>c._5Ni....g.|2y..Ou....=.........;.....1.......w........?.^.F..$..7.g...{.._.'v9.Sq..c.....*fS..k...;.#.R..#.`3m..'..qxu.... .X....=.w...M...w.I...:.:..........# ..s.f(....r.ms}[....w!5.J....?YjS3M.e.xS...w! .f...hA .gI8g@;....)/.&.@..7.6.....K3.;.{xB.?..h...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1272
                                                                                                                                                                      Entropy (8bit):7.842274093231169
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:YOsQ9ZoWJ6JHRGa5IA8f7TYb5Sa+Ui6kgzG4STyoAj2b5Q/qloSttpVM:eQ9juIrfYb5lfzG4SDAj2b5Q6tre
                                                                                                                                                                      MD5:F5D81021F9602678701F66E2A92A159C
                                                                                                                                                                      SHA1:984709649D6D12DDE19C131B15DD3EE9EB501D7E
                                                                                                                                                                      SHA-256:3756165719D3719635400ECDB08BD8542136B8EDBA461456CEC78126085FDE2D
                                                                                                                                                                      SHA-512:2F20AADB5C7324708189DE0300317BE64C6778DB2932D52AEF4C2AF0BAAD8F28A6707DEE2E94CF590FB614D07AE49299BA098675C96FF3AB46CE76CB97457428
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...%m......3.._....r._.!......N.p."u....I7..[.l.J.D.d.XJ.g.+.n.d..f+.........%.M.q.xw..i.U...Ij.r.._nl....M......[F....4?.{[.{..w...\.I..B...2M...}....eGr.8.%3....+../.z}.j".........w....g.,.E....o..B......TH.&Y..a....].0D>..\. J.>A.u\-..+v..4U.}.. /...)*....1fQv.[.7.v:...!...ad....2.l.../..... ."...t...8W..w..z.E!5.#Qu...4bN.fz.d5...|A... ...q..T.....-..u..)`..6.}z...d."..3.....j1.q".r.6.Z.Rn.}OoW5.t.L...*..1.T......#. .Ga:....T....{.x.....l.J.B8..Y......Y.;8...'pY;..M.,.r.^.Tr.$..........m...l..../.2...4d....@zb.1.......y.1.T].<....T/....^..d%..../..~...t9k.j$VHb...<.O.D......c....).....GJ.(DX~..M.J..m..c.....R"H5.).kI.t..k.....&8=.[.u..}X...k..x.lU..f.....v......3.bB..=.4:U..?..K/..h...f..O.7:..".W.0.....*.`.Ti....W#.....MH)...C..1\.>.A..#..{9...YE-.....$..U0.R..z......z..t[q..f.5..SH.q..q...F.....T.TBDw6..D...p+i....i..P..../....... .F<4C._=v....{h..`......u.{.A..{.V^\H....g....._^..#K...j~..[*v.....a.NaI..LA.C....q...3..).q..RQD?.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1272
                                                                                                                                                                      Entropy (8bit):7.8387864682580535
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:seeRLOQsFtcvyiR3M/SotBpmuGgNGUs0K1unR4ifwQmZfloSttpVM:VeutVi1M/BVNdNGt1vjQaxtre
                                                                                                                                                                      MD5:242C01CB3FE61E620113F09939F4CB4E
                                                                                                                                                                      SHA1:B842D9B354C8D049117D5CAD15B676221C1E04E0
                                                                                                                                                                      SHA-256:4D7950F599DC260708D226B9DB12683F5159412EB803C2CF9A9F53FFA256705D
                                                                                                                                                                      SHA-512:12E229AA4EA4C31A8D22EE279A802061106C74E779C1F0341C523438DF96B06806B5BDD3E1AF7A739DF3CA455716727EA30D5DD18C2AB3347E3BBA37313B677A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:^.....p..5+....:....;i.O .4,;..v..Kd.......i._*.......;..p*..-*..F......C\...)....p2+C.r.0...E.(...C...J......o.1..X..+f...[J^.a...[.R0.s....Au..7.o.....+5.u.q...T:...`...!....4=H..:..>..O.f..5r.$mbe.K..W..v0t..[D.J..r.C...7..16..c...........:FV..5B...1u.4.B._...4......_..[.o..$...O...U....xw..d...l.+.....Y_.$.Bm..].PJ..H...8....x.T.!................%.....8..kzK....>...:.>.}X.......|I.DF .!.....t&.%f...".!/....+|.D0a..H....H.....|Q.....*.cc|..p..$..x......R..~S....G3.D&p)..!..(.Z.V.l.ce..a..G.(..FoT..........{N^.;y......W.Gb,. .$Ri..8.h...g..)..9.6-^.nAhX.DE...})......X......l;|...Q..I.Kp.>.......[y......zA4...V.N./'....|Zv.^...a."....tsI.b.....NV.L [........."4$w....Jw..7... ..W....{F.%.`..9..,,:Sa^.+W..........|..+..T...3....-!.LuH.....b7...8&...5.e....%......mX(T.[....+y....%.7.K.Y}?9..]...m.V.(..yRN..U.... V.....v..c....EHZ..8..YV+.+......y.`.0...."0....g.6;U...AKi....V;...H..7...{o..&....i.?.....'[.n..@.SW.jm../a..w...O.Q..n.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1269
                                                                                                                                                                      Entropy (8bit):7.8400875621174295
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:d0qkP3FJ3U0Buw8rTf6eiBdue8OppijyMZIDG3fITzEmamwloSttpVM:YT/bkTf8nwOppijWG3Q35aJtre
                                                                                                                                                                      MD5:D5F322CF60DC7F8F6CDA3F2E288FEFAC
                                                                                                                                                                      SHA1:0C77E1275937C9A94517BCD150375C3D7896A026
                                                                                                                                                                      SHA-256:0B72EBB2BC0814C32A517160F4B190B0699F811CE13A857693C72F26B2D1C56A
                                                                                                                                                                      SHA-512:59CE81349F5931ABCA086022BB895C59ECDD72142B516F3217C1100B41F2EDDFE46943CA8DF80E7A679ADF08DA7219C8783B69BFE2D6ECDCD89A1E42275145E0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.......2c.:0F....i.l....s...'....j...?K.+.r..:9.$..e..'.....:.PU..B..b..M.....7...De.izI..U..z..>.......N..5.....{..c9..b...dC.H.pY..`}\.E...Z.A.:..2.U..1.&\o.n.._..$..-...t....?..y.C....q.o.;..R."..k.U....X.{...}..=.y..Nq.. ....#Uw.'........V...[D...^.q.o9T.a.+x..&#..a.1.#..]..QGh..6.C.?.=O...&..P..d-......1c?...:|.R.[c.BqN.F.y.au....hq.....*..H..)l.C...-.K.{...]H......+.2.u..Y.E..;".L.a6..<..@0{.'e..6.q.............)`...)......kU....F..;......B.4...G.......R....eZ.Pa.v../A._j.....P.|....(...jv..7,........).F...e.v..SVS#.'.Y2#.Z.....AH...KX.a.......hP%.....Xwju...[. ....=..g..c.........N..,........4'.k.......H'(K-...*).M=.9........T....|.W>..2.F0>..a.{...R.G....NR....)......pX2k....@0>p.URl......u..z...U1u..st....s"...X....Y......g..Y.0.Mh._j.9.u.FN.`..}....t..E7...M.l.x(O.wO...z!.....+1....R!V...O ../...$.r...dRV...\8Y..H....'..Ln.....V........:9@..}.*"9d'..C......M.|N.g...U1..[.N_g1. a.!^y(...t...e.h0.-.^M.....X.^.....M.9.3..7.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1269
                                                                                                                                                                      Entropy (8bit):7.823224348712713
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:heeqJLpA2mac0/GZEjrBPE83qnlk5ywpKeBVrQi2dKD3LjxewIYsydaloSttpVM:hoAuaSjrBPV3cm1BVrQn23LjxtL3itre
                                                                                                                                                                      MD5:65FBEE229FD38838D817622713B5A96D
                                                                                                                                                                      SHA1:5CD02E8AF0F6BEBCDD0AFC44638C4C171BF4FC73
                                                                                                                                                                      SHA-256:74CF0FA7F69387800256F04E4FC0509FD4BFFC2819A11CB5636FEF9104642097
                                                                                                                                                                      SHA-512:A00808E06A4386BA05FDC74E234973FC56DCB3567CC063A271BF7D644F0F7FFA73C910F94985301BF68B31B6450995A5265214689FB167C503DBAD8AE8338E9C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:M....vi..C.j...w...?.=...V8.....,d.m.K....J.q..Qj..Tp.....]..P?..i<*..z~..N.tsY4e..rE.Z.W.U\5.8.9F.o...s.Z..>....\.W\.BK.s.....@\.z..E=.yBK.r.M.......>I3.......LK...._K...M.....r_.Ty..KV1Kj..8.:4.cS..d=.Mu..E.R@<..V..........K9.WB...kb.X(&Z.......F..y.F..)_...wft..S@&.v*7<u..3}\...(c.b..#n.Ywr.......'.....*+...P_..a.&R...Lk.qV\...ml..K.jltS.....$. ....d.a...3..u.a..WS&.@...o....C......D...n.aI......D.....#......b.I2.._.)`.B9......l...-uV.x..0.l.z.j...../>?7Y......K...b4....oO.:.R..0C..0%..5..\)/.@..P.&+.~2.#.N.V..EE...G..G.o..6hQ.d.......Ml.G_.u.QQ.Uz.$7..)./L.."......}.j...:.8Rj..A...]..>5.jl..N.&.....`...Q.]w..@./.>7.)....w.|.Ty5;$.Q....3..>Le4..y..;..8od1.e..E.i....'@....h.,...b.FC.....I..'...@..[.}_........p..xi..g..|..h?..)."Z.IU>s.OH.1.d.Z^.. ...k......K.9.....y.%.8Z.).(..@.].sz.[=.}.......:..71i_Q.p.5....h....}I._.\.|.eL.-\.-.B.r..H.....U..Vrt9..d.y......+.T.b.7L1S.pZ...@...y.Y....b..-..5O.....[..9s..A.@.-^.....$V..k.b.CmQ.4/.d.:If.w..9...H$..$
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1272
                                                                                                                                                                      Entropy (8bit):7.853997919034241
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:0HqnrU3FQBG6vo54rAKmId68FWWXR39EhJEhgKRnrOz2alFVZVbynsloSttpVM:0OeeBT44LmId68FWWXRWnEhgKs3vZVbY
                                                                                                                                                                      MD5:4AFADB8D939883B9B4798F3F4B50C334
                                                                                                                                                                      SHA1:1A8BC236004321D64D9F0583D68456A10CAB3C59
                                                                                                                                                                      SHA-256:11DF236B85C431FE1694059BF8AC048F8C11D42F949A8131E40D6B74A13A0D41
                                                                                                                                                                      SHA-512:B5DBC6E28733F9580C8D9E3A18F21273B98D41E77DE7A755F88DFEB0A157C59B80BB5D145AE09A16C19BF206E232FF59E15ED1E9D6BD47F6F21C5A9218EF1B01
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:Xe...~I|Cq.P.(es'..5.......SfnKb.Hf.zM.......M...*.M.E..b...7(../=C..xC*...6......'V.d-..gR.Hgt..}3...*...E..}.E../.a. F.7...........>.&....1.kW.u^fl...;....=.......{........u....<..........~Z%.5.$..+..Q..sY.~.,.;..V..K].....;W.`.*&7 %....]...l......j.:h4\.u...|....s)......f....l4.6t%...i..C w...*u.T...2.x.4.C.a..3. ...0.$.n....B.hh0..).y....a.tP.C.7.....E.3..(..d....]. .#uh.....(+.\.U...q<...a.!..._e.e;-g.x..e&.T.G.OR..?.e.".[...2.UP...-".;...v|.....kJ_....^......,..;...+.+..uU_.A&M*.Q.:..f.>.......S.....FV/T..Fj...N.....G1~`.%....W~.m.f./.....Y.....Vc.E.QL..K.+....^....Z...B..^6....kd..c.u...0..dr.....L.l....8,....CE.r?...a..fP.....!...X7...:2`2'..<...:...xdb+...?...c.%..F...s..E.R..`3.w*g....J...W..+... .7U.e.'...O....f5p.}.:c..9t.E.v......Z.N...l.=.x.P.VO..>cS.-..}g#\...=g@\G.+O......_Jp .m.h......O..k$......S.Z.|E'...o... .......q.X...3.P!.MQ....L...n.-..(..u.h.i..O..u..M6...#.....6...4..>$.........A.{.$]~n.B5...[.d....I.....(/
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1274
                                                                                                                                                                      Entropy (8bit):7.834049923726204
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:DD0J5uylGTbhXAVvvTte5dPQX3mRtk38zMTCz359ukhgqWSVlauqDVejEzMloStq:cJ5vlD3s5I3mRtk38zZzpwwgqbHaP8ER
                                                                                                                                                                      MD5:37E33125BB0DDB33D29994600DE062E9
                                                                                                                                                                      SHA1:0B03A7700CC9B5F9CEF97A2461BEB09F7A755702
                                                                                                                                                                      SHA-256:7739F972BCF84648DEE0362B0128EAE771453691D6236EC8CE885715CECE83EB
                                                                                                                                                                      SHA-512:6CBB9F667AB97CD5406C8666E8BE313FCE28D59A8E7FB76A2D7EADE3A2391EF87C89B0FC7D014309F329AD8129A536DF41BCC9DF87362D89EF551150196C2266
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..W.c.>.....}....z.H....Y..1B.2E.k./~4...@..l.}...2.k..Y.gpt$F....wz..[.....v.f...{.:o....h.G0.We.&hR...?.4.Q.........c..z..d..L7^3..Ry&.8Z]...C..zu.:..#9..cF.v.u...R..0.x..s'x.E.4....r...6`>....M......2&O...(..I.X.......q|.KY.."k....4rf.*...}...n`X..;....n|..~..&.C..@..l..6.....~5....M...y ....6.W..s_..5N.....N..z..uHW.;......2./..zpd!m6......,"...[..0.c....K..Z..gO...PS(....4...D5.*.JMm0..(..Kf.|'I.....\e...s.1l...[.o.......*~~.M2.T...XLl..I.Te.IP...O..,...X8*.P..F^..t......k..lp.8FU....`.`.`Y2].y-...}....e..L...I.m.W ;.8.`.S.,...Q..H.....?a...D..5.`.,..7.K.&..!...p9..W.I..H...v)|..Gp....MY..>^A....n..........S.8i"qB],.}...t..>.q.........| .......).*=.....5..qi..k|.m....n.J.)7....l..uU..u...Y...$>.TiRA..?)...]rT.$......8.. <....*..5."...A.rws..IIN..S.a.f..[.^:..qCg..(.nzI]....RX....}t<.S$.kM....eCTq....4.Ci..h..&W7-.y.#...qC......b.y......5......X;....G..d.:.R...~!E..@.5k@+U...WD.0.q..,fC.x.....8.u.......H.L.J.p...i.J....W,.z|,*..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1274
                                                                                                                                                                      Entropy (8bit):7.83527383565733
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:1B8vTj8WBASzEBk11hv8lPIyp0nSWaEfNlQAOSAGyrHO9ZS/k+sloSttpVM:1CTphEmv8lP/KnSWaoN+dRGelk7tre
                                                                                                                                                                      MD5:2B56C4966CC2D8DB5B688D9EF9961B07
                                                                                                                                                                      SHA1:BB128C8DF7AC08053B18A6BDC67DE3657FC1765D
                                                                                                                                                                      SHA-256:D6FFC4FD74E694F5CE3014855A29E8C73EFDE4ACA11F909F54E352F0ADD4F095
                                                                                                                                                                      SHA-512:38BB70F235CABDB054DBEDD8F0D5B94435F7EDE637F5A866AD757A9EFD148CD1BFB775B9F245480D032AB4EE74C7A150431FB410F5DFA0C45C15AF32BBF410C7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:Fm..pe..M?}rTB.=.`.P.1.\[?....?8....{.08cd..5.jp....,..Xc.rF...RWj..-.0...c%...._n 9].* ..!._.1..xn.qk.>.....G~_.s.C-..g|..V...h.=....R......X...1O*.4._y...k.`...}Jz..p..9.$...D..EjO6....=......Jj.P...-<........d.G..y.K..~..?8.M..ZF?l....`..~Wn......3..Q...|.:.1->..Kf.:.f}a.......[....-..=......7r.x.3.......%..*.<.?Tyy.P.>..'......e....R..~..}...8.N....}.]%...R.'....?..4).....'hWu...5.$3~....\...+.gV....Wy...L..{.a..............8..I.z...M1.Gu.Ld..a0a+.......`n}.?^#..o...*.$j.dO..V.,A>....d!... %x..1....PA.D...3)..*.:,.F....X/...z.Up.X.(.=p..s...?......=..@...M.V.Vg.0..a....C...t...e..*....c.:.U.....z........`.hdik...czs..e..<-.Rz0x..!..{`c...'......{.&9.^k^.....X..!.%w.........1_..|......*..X.:....W..IO.e...v......Z.$..i...,I.bp.....:.+..)..ua...s...BQ^=...1.....W....j....[...K.s..".?....$.&4oe."+gK.I..:w.[.+.%>..EO...W...=UZ.....*.x.M(....=...h.&.J.Ep.D....!s/....e...@b.$.%...B.o..}jw.L..z..D.#..........8.'XL.........F..r.]
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1273
                                                                                                                                                                      Entropy (8bit):7.859204760050054
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:TiFvsvS3yLls0QDSGBuctE9FH1LFM3+t8LLHGtxGqyAakloSttpVM:CsvSi+NDtuctU90L+G/rgtre
                                                                                                                                                                      MD5:A6C6871D5E0C3E5B2630B228C1453BB1
                                                                                                                                                                      SHA1:C22B8741D1B4F5E08945F0735F23C0D11ACAA504
                                                                                                                                                                      SHA-256:61E6970DBBB485ED511570E2EC4020BD69FB027541DCDD830F5F00858B76BDBB
                                                                                                                                                                      SHA-512:BA5FE6E2D254E85DF18903D0F8A8CE21B55C0269815935D57B592DBC48436EBA782618D1298B72AE9F13DAF24213CF2B605C64CE56C8A8B9800FF566EDDB0902
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.{.......(K/.*./........Z....W*....;..mZ.x{.z.J,...V..g..lX.H.T1I.S#.27.T.....].H.>.G......]qV.w...<......DL...N.oy.].H...n....{.....W7.I.......Z...]ABB~..2.k.x#j.\..p%I:d.M.6..,.........A...;~..3..%.,JW....O..........}.......f/...f7.8..K.To,..S>.p.L..REg.IFw...^.dv...;.ANe).a...J....R/...@%>Y.t*.5e.......R.(`.Do[..x...7...f.M._E........w.......cu.......E......VD.9..........d.*.q&!Q.K..Kq0#.lP...=4.......R7.oN...[.(\..K;v....N...U.q&.L.c.(%H......|.;.+.@...{R{.a~&D......]..D........9............l..4.:...=B...G.!.7h.,M.w....m......`.'..).C./.3..N..l.kO{...:%gY..# _.d.$.....^q&.~.....&.mN.%...+..IK.~-...w.j.s2.>ORGN.0q.....*..B.......3...t....<#.3.....7i......<E..'.p.4....M.....).....7.5..3._]..."..6..$.d.ysV...j.).W..bY.A.)...8.8.j.......>..Z.q5.4..I,....U...m..?.?...O<..g...QA........(..;.......#.p..T..!5haGr.{9.1.=.....3}....Y.B...5.&@B....bM*.K.h....Q....v.9..y#2......w.V.......4d...P .Hd#(..S..%.p.|'1..M._.'..8..B....jX.".*J...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1270
                                                                                                                                                                      Entropy (8bit):7.844650277803266
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:dzyzF8CyPgfLBRHHdyfP4Kw9thPxKsLH1OqrNpctHGPDTMkfiRRnChJloSttpVM:dzQyoBRnwX4KwLhs2VrfctHHR1itre
                                                                                                                                                                      MD5:17A72B3E4D390A10703B19F68342A58F
                                                                                                                                                                      SHA1:D981EC655111BDA37FB0E6DBFBED4AF6B2AA346F
                                                                                                                                                                      SHA-256:A667C4424D4787C95D3BCF350B4C86FBC5A9366B50B8D9F7E20870C1DFF67E64
                                                                                                                                                                      SHA-512:F65765156D3CCD903EAC17A57573CE454B592FA669A5DF77DB3A99C3E8E2A787578E1AA6BB61AF4E964E00C085BC80EB7D667105EE8CFC232583FBD064E0CF12
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...3gF.K.iY;...HhBl. H.S......wj....sH....`..<.j.y..T#:........c.a.%[.J...=.)~...W.8lW"...p|.!&|...dH.h.0.+.......8..Z...l..%.....:..![JgcA..._.1....Nq....Ql..,W~.@...i.u.....)Z5.h.......>.l.,W.....?k.6....n.p{...$.*...!..4.D..-...."...^..2_+K54.k.e.s..[...."..j.H%.&.[`.,.s\.0.T..f.....{p.<I.jRjaQC.[...G.!Y..v.m.1E... .....GS/L........A..P#W.-.k...1.G./9{.....uc.l.Ram.G_|..(N.~....Ckev......9.&...@..."[..t.K{.PY..M..I.-....?....KY.E.(...$.....X...j...l.......b.... .Y.+#.o;...W0.....1.,z....24.q.*DR....G.I.......*j,.......t.UT./}......<.I.E_.1=.f....8..8..A..W...........b+ig.X.....@..x.b...g.N.=.x.,6M]......9..n.D.y.s.9_...M...B..I.6...H3.E.l.^.?-.Gyem.a\..qrX....W8P<.!........&.....C..Y..[.2k.Y..j...8..i*......z.^6.o.POR..s..BD.k..DI.p....F~).}.>?....U..pU...(.......u..I...y.s......&n#.}...[..kv.B.{..P.......J.......8...x....{.r..w...K..[u{..w....bD.....F..S.....k/...%..&9o...<...2$@zJ.<B.)......g..i.n).....9..1..a.g1"...6...q.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1273
                                                                                                                                                                      Entropy (8bit):7.852012998637769
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:FBzpfZitOjfHKzdUVfqJG7+GkAOGKRezHYeA0OpHA+UyJVp+qFV0HloSttpVM:FB7UeVfZ7+GrO0z4efuHA+Ukp+qgtre
                                                                                                                                                                      MD5:F9BD986119CB56433773284FAECD746F
                                                                                                                                                                      SHA1:81F72D6272862784A1FAFAD84DEF72D573B7D0F3
                                                                                                                                                                      SHA-256:82E9A42415D0F046EE784AEA6A4D1A6EBF4B05B06A86FB5BF3C331F296C61CDD
                                                                                                                                                                      SHA-512:CAC4B236A8FE3D150D8C848A24BDA6B3AC3F8A18FB97527BA81B8696324F2CCE80669147AF169F33AD535B5530916C9C232CACBA33009C066C29FA481FEFAE8C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:+.[-.......3#%.3.....[.n+..@....S.X....Q......S.qC4.5.....h.IrR(.g.....m.C.M...,q..q....$\ ..i..F............Is[..Y.G$B.A...........%..v.z<.^...E\....?&:.,%[.._.n.........J$Gl.,.r./T...]9._..s..wQ.d...;r.${..cCZI..UI.o2r..,.!...1....._..P...6....e....H....\.....]A*.....;.6...T.O....IB[...F.hc[..".I.)HEr....%....D.Pf)..A.......R.m2.oh.#.D....K<.p.81... -....c..~/}...G..s...;..^R..G.....O.0...z\...........L|.$..&...A.....?k.g=M..@.i..1..p1..h.h......j~.&..U.FB.9..w.r^.l)..1.T...<.~9...!U.....6M>...N=....0X.(W&......R....d4.....`K......Ss..T ...'v.x.CX....U..Q;..Nr.h..h..~......mu...I.......^..H..T.?..D`.WS..6....:7...5W..R....J\..]...><..:.W.Y.!(rq.HB....*Z.wi9t.)j.<os.:.nF...N[......4....`Ie...P....KE..J)....$O..z.=.e.'..iV...:..ho........|pX..L....l..|.BN (....)...J.%.....m4*....e..G..(C..OP.y.`?....e...j...~.u.Z....b.M..&APS..\..LBe....E&.!..ik;.D'..T......m......0...K"b3.k...No.....H.W:}<......<...8r...5.f...v..).Xu...;.I.ge...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):350
                                                                                                                                                                      Entropy (8bit):7.363723130358217
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:idKvCHit0jFX03pcuBBz+POI7PfXP8Tb4mgoXnLYgko2WEKqFCKZRQeEClVMn:idKvdypX0rBlwOOcT5ganioTE5ActLle
                                                                                                                                                                      MD5:CC1482F89E391F0E5682F99E25DA42F0
                                                                                                                                                                      SHA1:A6A6DAA39E38E8C54207CA7E9B2C19B73C44D192
                                                                                                                                                                      SHA-256:F3DF5187D46DB85F3846B55BE94ED0562A325018C99913A867B10C99F7FB2961
                                                                                                                                                                      SHA-512:C2685021BF610AB33C9FB8040F62AC64EA3BD3A8A9BEB68DC1C8E6453A41E2889A160A88C48A448702110C9B0663C6CD741F8986E0AFE742D8001FC8A9F37336
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..-0..}f.G.G......s....E.../-.< z.(...y$.f*.Y;1.+Y........A..{.....gE....1~P..;./...m.%......3...d.tA.i.(.".>.....V.]. $......;.../,..qw.w`".3(;8.fgm.f{3gK6jI.Qbi...!..q....b=t.rV+E........k...2.B.p.v..?^.i.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):443
                                                                                                                                                                      Entropy (8bit):7.466137997177439
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:UFhDP/e4QJlbI/QXtcWyscau6Oz3n+cXganioTE5ActLlVM:Ur/QAQdryPnjwloSttpVM
                                                                                                                                                                      MD5:EE0B8C353BA1905B8FF5E02EEB948596
                                                                                                                                                                      SHA1:2C78D0E162D161CC071F93198467612B51AF8F69
                                                                                                                                                                      SHA-256:1EB78ACF6565AA99CCB079E989FC639D249C1E507427A91A0B8E08CA1525D2AE
                                                                                                                                                                      SHA-512:A84371B5D121DDFF584E8E54DAD1789BD9C28C52C0CFC1EBBE54F51E5536912C573ED9B809AE8CF9126D37276194BD7AFC798CF49EACA86636B4A7D350E62238
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:q..W.......='S..)n3...S.,ZyHaK..................f..XL..V....%q..:.w......y#'.o....,fz@Q*.J.J..y..._.V.6.[D4..N..P.9...W.....N.........2..>.......[...xeQ....1...X...'D.8..|..F%.D....R.X..2.N....V+.&.1....M...9%K..j5.;../~..qw.w`".\....2.*..w...#c;Y...643..,3....1w[..G....n.....U....8.....e.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):355
                                                                                                                                                                      Entropy (8bit):7.394216508872281
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:W1tuNRVXigeO+bP9s+MliRT76fXrgoXnLYgko2WEKqFCKZRQeEClVMn:sgR9Dp+ba+TR6fXrganioTE5ActLlVM
                                                                                                                                                                      MD5:7A610C3352DAC4A1567E0C462A41BB33
                                                                                                                                                                      SHA1:812A56891860EC8C5D95E9A2E32D1F87AD5E6634
                                                                                                                                                                      SHA-256:C646A5C07595F44ABF7F41CA7CE4BABB0A09C752D6B44187F6D0E33CDED94899
                                                                                                                                                                      SHA-512:864FB7A411CF2DB0049089A73EB20B8DC6CDA373B8C0C2085F8E0547C2120CC066AB65993136ADA6608BBD1CE9C734EA9AD9C0FA82E22F435746EB92797A2D9A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.Cf......t...w..>(W.s...:..cn1.:.C..68...|....0.|`..}...6.....0......R7.rJ...O....=).._%FL.\.$.(..^.=aX.jwN`/...<.....W.v7[.....;. ...5~..#w.t`".0(;;..0.....`....N.h.......o~...2.0.v..5..r..P@=.Wu..u..nl.4.Y..l.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):347
                                                                                                                                                                      Entropy (8bit):7.3732502014043035
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:PLCJ/8rdnLhoOJmElMmMxj+XspnazdzapxvgoXnLYgko2WEKqFCKZRQeEClVMn:PLCJ/EoDEw1pnGdzaptganioTE5ActLk
                                                                                                                                                                      MD5:9F44B8007548C9BC739983D4FB5A7065
                                                                                                                                                                      SHA1:D84C47E86E1C8CA08055DA86E8F9924638A2EE3D
                                                                                                                                                                      SHA-256:7791E39F5E8C49BC645A4795A46CB1BEE8CD2B42A5E99A82E5D48CA20E8992F7
                                                                                                                                                                      SHA-512:035D9D22FB033769EAC60483FE3F67D7ED5B122D243D815189097FED129F986AD27DAF3AF7AD83411567474E9F60EF47E7F868AD40FE4BA5A32EB3926C513794
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.wY..X.1*CUl...m.....[G....A....9ma@.0.I.H.r>.:T....:.).a....9._C...B.J.D.Y.E].y{X.*.,....rA)w=.N.....n}... .Z".n.o6!})X..U.y!.;.../~..rw.tc".0.W........8.+.*.Oo6g#G..=mr...?.R.we|....&*.\rc....s....f.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):344
                                                                                                                                                                      Entropy (8bit):7.297208850554532
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:qZU524vPRH/lATikkjwYH4ZWPf4tcSjwljyXPRYxrWdycXgoXnLYgko2WEKqFCKY:WU/XRH921lIocMfRciXganioTE5ActLk
                                                                                                                                                                      MD5:75BBB1CC1EB7915E4CF5A84741D5F7BC
                                                                                                                                                                      SHA1:184751A823B003E3B139215BD979CFECCCB78C14
                                                                                                                                                                      SHA-256:2C3C1C93CC94CEF7E18520EC2BBEA5CA2C3167D91D8309C8EA4447DB8F31F608
                                                                                                                                                                      SHA-512:F61B8A7624762F261B9BABCA2908429496A51B6D29D24420ADFBC5B6C194E608A303EB64CCDD48EA8FC3145E70EC76B6C9E7F74FD7F03E8A6298FB5346534336
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:ZIFMZ.9..._.2.J..rE;.]v....p...`,b.!...b..fa........5.b...u.`...wu/.v.D.....!\......9...1;..$....L.%.&.)....M...9%K..j5.;../~..qw.w`"...+,4.F..=E.:6.,...D.O@.|.O.1.....(-....\...U...6....qr.....'.e.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):353
                                                                                                                                                                      Entropy (8bit):7.4018088192985845
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:B0i6ZXTdUHG5D+FC7N3X2HR12UnVmU29Qd6ucXgoXnLYgko2WEKqFCKZRQeEClVM:CZZXRUm5C4B3X2j2OmN9zumganioTE5U
                                                                                                                                                                      MD5:0E04641FAD992AE0676C8A98E2D7F7AC
                                                                                                                                                                      SHA1:26163B9000B14A4FA9498800CB962E3383EF39D1
                                                                                                                                                                      SHA-256:2A3A5EA1E6C1AEC087DF72436094FD42590177F6E2036C6B424014EA5630276C
                                                                                                                                                                      SHA-512:F5F35196DC3984692063E5614E71F6EA24B8FFC4A2E9666AA3B2E102EFE348CAE27A477F926A4A62C2B54BBFD4869E2CFEFF77DD9C437FD48766A8350576F1F8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.7w$..Q..Q.b.._...R4#j..y..{.....>.Zq.....d.C...z.........>`..9j.(\..........G.5...?.q>.~"....l..YV...G......'.........]...{$....Y...../~..qw.t`!.0(88...........:.....[..{.TN..{.^5..9[C..g...=........e-.v.:.sm.`.s..k.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):349
                                                                                                                                                                      Entropy (8bit):7.390689074436748
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:9mCTPmFL5shJBiNGmGaJ1T6hbqFQbq/Q3VKW3IVPevCUOmgoXnLYgko2WEKqFCKY:0mEu31aISWkVpwganioTE5ActLlVM
                                                                                                                                                                      MD5:ACC53AF4EABD9634848AC3D0243D101F
                                                                                                                                                                      SHA1:BBF39EC76B8F1EC2CD07B6F220D2AC33F63E340A
                                                                                                                                                                      SHA-256:7296FF65A056BB168E6158E40274FC74D7013BF61002C646138BE6CB34146E8F
                                                                                                                                                                      SHA-512:E3B4E1E222574B05C673EDAD67EB516775B4C58273A7323D361F2A2F30CF456939E2234E83D4BBB6B5C6BAF1A2FC4029578B7EEC1B10DA8D342D35569731E85C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...%4...lT...u..yGe./.lj7).@m...\I...S..zc)G.1L..[|:.s.....9.....Q&.."...;i^...~=5...c..#!Z.u...W.u.c.};.*.;..k.~6!})[....{5.-...}~..qw.t`".0(;w.....2.).E}...1...-...)..;0.#{G).'....r|..\.e....'..`.......h.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):350
                                                                                                                                                                      Entropy (8bit):7.458350031726109
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:lF0Opy5DwnO3QlrDK8Sz/J7tkmgoXnLYgko2WEKqFCKZRQeEClVMn:f0OpIM+ss/1WmganioTE5ActLlVM
                                                                                                                                                                      MD5:023A27D87191B480529A7F6D6B16F000
                                                                                                                                                                      SHA1:21D606A5AF0178BE2DA23273B892C3DE6AA2C24D
                                                                                                                                                                      SHA-256:20288CCE86930697CDF517653B86507FC12AAE09A59AC31D033D2C299D9C06D8
                                                                                                                                                                      SHA-512:F0C1636B83B5A826558B2663E6D8AC3C8FCFD697F08A5C8FB6DAE2ED3C014480BD0429667A9B3381AD68008FBF0D463B91EC86CBA7B8A978E6C2B0D3DCB378E4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..&.V..?.U.-.F...D6.....f....j!...\.8..O..:)....".3r.4M..?.]2..x.......Q..-N.P.F.@.y.._.\.....d[.m...p.Z..)..=.8.6...o6}}rY.....7.-...}~..qw.t`".0(;A....>....]..5.D.c.w..]7>.J.RfmM....8....\.dm...a...C...n..M.v..h.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):356
                                                                                                                                                                      Entropy (8bit):7.426181904211928
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:Lw+QI4eeEAV7eSJswEkRAh3TO1iH9zRdNgoXnLYgko2WEKqFCKZRQeEClVMn:LT3XeZCrkRAhC1idzdganioTE5ActLle
                                                                                                                                                                      MD5:EFF2518E22528912D90335E86E51B2EA
                                                                                                                                                                      SHA1:5A9C2CE36C158D5CBE336998D4185A58CF686997
                                                                                                                                                                      SHA-256:9656CCE175516AD461D708A70E15AAFF5F6A743F8BE25040184E4B2A93B627A5
                                                                                                                                                                      SHA-512:285285A1E575771C0BB491793D1C5A46216DF24F883DC132B3C183E80E21617AF25CF68960A6703AF69AE5C861A633490D3C1C0EF7EE6567BAD26EE10A49272C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:p. .h.WmC.Ki.RC.B..L2.....}......0._...GT...#.....*...}y$+.5({...D..0J...}...zy1.'..z...J...4.......n....NU{.b>.&.4..r.o4kb=........*..5~..#w.t`".0(;;......)........J.K.t..e........x....u~.].........sS.V...&.I...l.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):350
                                                                                                                                                                      Entropy (8bit):7.352765407605016
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:G5hSH9OOityaUTP6i1rxS/ccF07KQIYSxwyrKi2OOKxgoXnLYgko2WEKqFCKZRQv:IhTOiT6jxSHF0SHnOKxganioTE5ActLk
                                                                                                                                                                      MD5:90A55BA14EAA34636249F848BA959A88
                                                                                                                                                                      SHA1:54B680F81BFFB8F1CF30AE93750FB6FC467592EA
                                                                                                                                                                      SHA-256:5B705FF20991922BDA64B4B086096768CCD90F5327D24A545A151DDAB90FAE27
                                                                                                                                                                      SHA-512:B5177558D9DB116108D70BD565F92C2130909DAA00A07CF5AFC33461D2FFAF2596CE33D06213EA00EA46ABB15F1324AEE4BB5F414A7292BCE23114F78D6AE133
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.'..{.c...(..2....W.7.B>%.....]}a......|\....G....'..?...a...]....D:Np...b..5.>..9..7L......7.-I_~.vb......$0. .*...h6j.rD.....7.-...}~..qw.t`".0(;.0.....3.e.d..T............jP......~4.w.2.nlCF..m.jz..ZZ>u.Kh.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1174
                                                                                                                                                                      Entropy (8bit):7.848787664903723
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:cgjvB7yF0Y5Z6QNv7g+f5ldAssXYond4fa+D4kloSttpVM:hjvwFJEq8wrdcXYoWfHPtre
                                                                                                                                                                      MD5:906966AA56AE66BD4DA69C34C505F2D2
                                                                                                                                                                      SHA1:2CF4B0D108B74D25CA868025E3E9D8D524ACFBD7
                                                                                                                                                                      SHA-256:E2664DF96690CE76479189ECDD91C6D6D5C8E1B6305668B14F3C675173832BBB
                                                                                                                                                                      SHA-512:650BA807EDA105E12A69E16635300C8B46DC342D6799356143A2993F7489CD4DC3407838035C7850DA1C11FB111B9942875A6F417031B01E94D695A68EBF6D2E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.|.....T..|>J:/:p..V.....=$..].).O.......(.Lu..MI..^>/x,.7DD.......$........~7}...B>..8.........U.e$...!..$|...4.>.5...p3....K4...V.+..%.....$D..8..sdM...V....!.....Z..>..am....[.i.8q.z.....r...qa.;rK..h......m...Gv?|..)o..j|.rM[I_..*.9.N.?^.i...]....&.w[......r.z........R.$*Sqw.......;e*...d.1Z.d.J|u.E..@.0".UA).`[.[.-..cas-.=.!........y.d.........ks.SR"H.s.].k.....K..\........2\.q.k..tU?..|...%YeA.=.6.a.....K.6u..9..E.,..W..d.g8..n..]C..7....R...b...+._-.KD...#.\%...C.} .w...m[.0.t.....o[...I.3.N..{...._..Y......).S...X......{2 V.b9.].['..N.2..Y...TS...........Yh...cvg...R...n..Q.......0C.[k....wc...Jq .e)f...o..v.h&..?.<;..N.Pb.......ppzx.....0..-.N.F.Y.Ie..........k....5\......1M....d....B..........x...r].....$~T..=s..F.k.8...r...7.X.y.(..O...k|.~mc..[f.%G...0A...k.$...... ..5....a..f..%...&.1.......v'Y...;p.|....*J..i`..U......)..5;....n...m(..,.8..xl...}.....;{G.c.N.X.8...N.b.._..L....5..):DrS.j...M.N..N.H.A.9.^3$.?7@c*..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                      Entropy (8bit):5.275578161385763
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:keepXC1C8N/nfZ5eYzCk7R0tGBiSujHue34gq3FV9zzzBHLCED06INSNs/gJlKbL:bGgfZUqbl8ZTOhg+0ED0nNErJeBn
                                                                                                                                                                      MD5:B4709A56B9D7F431DA172316CDA720BE
                                                                                                                                                                      SHA1:D2132F7129A7003EC4C0392F0F08CD24EA353DA6
                                                                                                                                                                      SHA-256:192D1E6078570865531E8A4C9840A483C4A2AC35FE468107284991F6DA813191
                                                                                                                                                                      SHA-512:E390D51E95DB5E56C666A2895DC87DAB41D97E7CE3C0DF1F2466ABF14A651167232521AB5F52746D16BAB0EF14E6C0EE9DCFE29894604D695B0D064909378227
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.....!! ALL YOUR FILES ARE ENCRYPTED !!!..........You can't restore them without our decryptor...........Don't try to use any public tools, you could damage the files and lose them forever...........To make sure our decryptor works, contact us and decrypt one file for free...........Download TOX messenger: https://tox.chat/..........Add friend in TOX, ID: C95CA1986286917777625663BAE618AA883B64AD411FCB5DD8E93FA8C47E7F3D287985558F82
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):239
                                                                                                                                                                      Entropy (8bit):7.113510885366841
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:khi4J76b8DhtI8L7IWxCzRXgoXnLYgko2WEKqFCKZRQeEClVMn:kh1647I8XIWIzlganioTE5ActLlVM
                                                                                                                                                                      MD5:AAADBB7A5057733CCA52A89745B1B30F
                                                                                                                                                                      SHA1:20969B75BFD794C14A17F1A10F000B40F7BD218B
                                                                                                                                                                      SHA-256:38B962AE4D012DA985B8D12F416A6DC3BE33A2FD6E17B272920629CD095F1106
                                                                                                                                                                      SHA-512:B25216DDEA000AF6994B95EF5386475844F6ACBC073B4BCBBF8F4148CD6B1A37335EC47BCF354E75BB6526840CBB41F7D9553E0AC66BD2A79144152FAC97B3F2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.../^..6.,.*.....1..^U....+5.;.../~..qw.H.g...h7......"T..n.....P...:..S.&.J..l..::M8U.u..Z;zA.......a.h.]yY..q|:....\t.&(.....bRy&Z`..^3..G..`......,..KD.gP..........B.rE..x.....Zpm.4.:.W9.@...ix.&,]....|...D.6...(X..J.Y. .r0.i
                                                                                                                                                                      Process:C:\Windows\splwow64.exe
                                                                                                                                                                      File Type:Microsoft OOXML
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):13734641
                                                                                                                                                                      Entropy (8bit):7.892315940172254
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:196608:VwurJYA3Ad5YkXHA52nqdNn/cXJ/h3XPb+QP2fg:V17AdSkXg52nmNn/cXV1XD+dfg
                                                                                                                                                                      MD5:406FD4A5565D9D4FC3D361BAD9F8745B
                                                                                                                                                                      SHA1:1A57A104123A7B9A7DA3E3EEB5314D1F6884A437
                                                                                                                                                                      SHA-256:8EE209A64BE34823E53348C4432189154025D0B61A97E699DDB845A2B1FAB297
                                                                                                                                                                      SHA-512:2574D76A92542F916FF57D82A81AC202168C9CD199837127997ECE1290837834E530D35678FB391D28264C79C4370B7A5457E065F3F4E896CB5A25DA07DCFD2F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:PK........pC.X................[Content_Types].xml/[0].piece.....0..W..o.x .....e.(....Ql!..<...S^.MMw....#Nr.9....p..:..J.z..`3..DM....T.n..J..-c...3....&a#......PK....X.j...q...PK........pC.X................[Content_Types].xml/[1].piece..1..0....eE$....{e.C.&..X.........H\., .....o.T..i.."...K.s..4..VW...i+.Ak.....}....\.+..O?PK..K..jb...l...PK........pC.X................_rels/.rels/[0].pieceM.A..!.E.B.w...1.....9@...C!...?,].......f..4.qp.,.._^I...y?\`.....Cc.jF". .^...#g.T.A.e.c.........3.....PK...BpJl...y...PK........pC.X................_rels/.rels/[1].piece..K..0....9@&.....nk/.....O3S...s....L/'.UN...'.......P....UO:....=X......B..gD...c]...[..[..3..9.9a.... .....N.PK..4...u.......PK........pC.X................[Content_Types].xml/[2].piece-.A.. .F....p.u.q.&....!...m..[.n_^..kA.......>|.......f....`........}..F..(v.6.t...0-.n.C|@.N-.Z...PK....[Pm...{...PK........pC.X............%...FixedDocumentSequence.fdseq/[0].pieceU.M..0.F..fo&.....H.`..2.....H.o..p
                                                                                                                                                                      Process:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):64
                                                                                                                                                                      Entropy (8bit):3.690413476123046
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:8IlwBl55I2Y1AngSmjFRR:ry4GgV5RR
                                                                                                                                                                      MD5:9603A3C18E9683F466C033726B562168
                                                                                                                                                                      SHA1:9B4F0953691FCC5503373ED53E6AEABD75B273ED
                                                                                                                                                                      SHA-256:7F63399081FE40FF111086E8502BB30175FE4124327506172FCC41A43539CFD4
                                                                                                                                                                      SHA-512:730A640467C08E18D6CA865D44F8FDCAF10B0200806DD28AA17EB22173296DA8E3C4B3D793E5C3E827CE36C3E7E8153FB2832B7B88881E040ED9DB166FD535EC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....9.2.7.5.3.7.....\MAILSLOT\NET\GETDCFC0D97CE............ ....
                                                                                                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):22
                                                                                                                                                                      Entropy (8bit):4.186704345910024
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:otl5jxl:otTxl
                                                                                                                                                                      MD5:374F29B04678CC06277D09DEAA9B8A35
                                                                                                                                                                      SHA1:CD39AA258F4F9A18AF98FDE5EC198B568C7BEFC3
                                                                                                                                                                      SHA-256:26C79D45C066A4D3ED4D5CDF0879E7DC266A0D11880285A6244DF01E7E73FDC9
                                                                                                                                                                      SHA-512:47EE0A30D3913D293164C040F90C447F1A4E6394B7C07BAFB76965669D454B578CA932AAE5C7E3F9D8328069C7451AC3CA065B8A49CB9860C1281F87A77DA7BA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:C:\PROGRA~3\53F6.tmp..
                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Entropy (8bit):6.770102603083049
                                                                                                                                                                      TrID:
                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                      File name:Document.doc.scr.exe
                                                                                                                                                                      File size:199'168 bytes
                                                                                                                                                                      MD5:6fd558cf3add096970e15d1e62ca1957
                                                                                                                                                                      SHA1:78e95fabcfe8ef7bb6419f8456deccc3d5fa4c23
                                                                                                                                                                      SHA256:41e187191625d749b89a11bc04fc0b2a3b9bd638035d05b39365c47ab36d1898
                                                                                                                                                                      SHA512:fac7efe9b76f9b6a917f8751f5be64ad8e067e5404fe05f3e9d7781ea3661a06c0baaac676a6023eb4a0b7f01bc2bb2d64d572f85aec8ad8de35cc7f106e1fdc
                                                                                                                                                                      SSDEEP:3072:n6glyuxE4GsUPnliByocWepMhJL4BFkTGX:n6gDBGpvEByocWeyhJL4UK
                                                                                                                                                                      TLSH:B4146B21F246A8B3C42728F52A36E47173AA9F2D1D6D180FE6B53F0A6C715C32B15D4B
                                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...e..c............................o.............@..........................P......NU....@...........@....................
                                                                                                                                                                      Icon Hash:76d393391a9ba6ba
                                                                                                                                                                      Entrypoint:0x41946f
                                                                                                                                                                      Entrypoint Section:.itext
                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                      Time Stamp:0x631A9665 [Fri Sep 9 01:27:01 2022 UTC]
                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                      OS Version Major:5
                                                                                                                                                                      OS Version Minor:1
                                                                                                                                                                      File Version Major:5
                                                                                                                                                                      File Version Minor:1
                                                                                                                                                                      Subsystem Version Major:5
                                                                                                                                                                      Subsystem Version Minor:1
                                                                                                                                                                      Import Hash:41fb8cb2943df6de998b35a9d28668e8
                                                                                                                                                                      Instruction
                                                                                                                                                                      nop
                                                                                                                                                                      nop word ptr [eax+eax+00000000h]
                                                                                                                                                                      call 00007F4ECC6DA947h
                                                                                                                                                                      nop dword ptr [eax+00h]
                                                                                                                                                                      call 00007F4ECC6C7CDAh
                                                                                                                                                                      nop
                                                                                                                                                                      call 00007F4ECC6CB2C7h
                                                                                                                                                                      nop dword ptr [eax+00h]
                                                                                                                                                                      call 00007F4ECC6D8D86h
                                                                                                                                                                      nop word ptr [eax+eax+00h]
                                                                                                                                                                      push 00000000h
                                                                                                                                                                      call dword ptr [004255C8h]
                                                                                                                                                                      nop word ptr [eax+eax+00000000h]
                                                                                                                                                                      call 00007F4ECC6DA6E6h
                                                                                                                                                                      call 00007F4ECC6DA6D5h
                                                                                                                                                                      call 00007F4ECC6DA6C4h
                                                                                                                                                                      call 00007F4ECC6DA6D1h
                                                                                                                                                                      call 00007F4ECC6DA6BAh
                                                                                                                                                                      call 00007F4ECC6DA6B5h
                                                                                                                                                                      call 00007F4ECC6DA6B6h
                                                                                                                                                                      call 00007F4ECC6DA6CFh
                                                                                                                                                                      call 00007F4ECC6DA6C4h
                                                                                                                                                                      call 00007F4ECC6DA68Fh
                                                                                                                                                                      call 00007F4ECC6DA66Ch
                                                                                                                                                                      call 00007F4ECC6DA679h
                                                                                                                                                                      call 00007F4ECC6DA668h
                                                                                                                                                                      call 00007F4ECC6DA681h
                                                                                                                                                                      call 00007F4ECC6DA682h
                                                                                                                                                                      call 00007F4ECC6DA66Bh
                                                                                                                                                                      call 00007F4ECC6DA65Ah
                                                                                                                                                                      call 00007F4ECC6DA63Dh
                                                                                                                                                                      call 00007F4ECC6DA638h
                                                                                                                                                                      call 00007F4ECC6DA657h
                                                                                                                                                                      call 00007F4ECC6DA63Ah
                                                                                                                                                                      call 00007F4ECC6DA623h
                                                                                                                                                                      call 00007F4ECC6DA62Ah
                                                                                                                                                                      call 00007F4ECC6D91B5h
                                                                                                                                                                      call 00007F4ECC6D91BCh
                                                                                                                                                                      call 00007F4ECC6D9199h
                                                                                                                                                                      call 00007F4ECC6D91A0h
                                                                                                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x1a2300x50.rdata
                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x270000xc160.rsrc
                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x340000xfd0.reloc
                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x1a1200x1c.rdata
                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x1a0000x70.rdata
                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                                                                                                                                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                      .text0x10000x17de80x17e00cfbda2c44e51b3b0b00bcbbc767c62a2False0.48375122709424084data6.634079266913224IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                      .itext0x190000x5460x6006f4cd57381bb5584c0a0755384d25180False0.251953125data2.9337361310958805IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                      .rdata0x1a0000x4920x600bd829aa493ecd52fe5bec776d207f206False0.3671875data3.5366359784052652IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                      .data0x1b0000xadc80xa000d3c33abbeb00d57121c94c4e2b7fe427False0.9828125SysEx File -7.986669783715181IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                      .pdata0x260000x88e0xa00e121c50485a2bda0e0d029466d9c51d4False0.88046875data7.337131066444152IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                      .rsrc0x270000xc1600xc2000498258b0cc68156e1295f5d17bb63e6False0.22473018685567012data4.478609900548174IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                      .reloc0x340000xfd00x10003f87e4c23650dfad0bee7da98889ba94False0.843505859375GLS_BINARY_LSB_FIRST6.738987246879603IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                      RT_ICON0x271f00x176dPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9296314824078706
                                                                                                                                                                      RT_ICON0x289600x4228Device independent bitmap graphic, 64 x 128 x 32, image size 00.0973665564478035
                                                                                                                                                                      RT_ICON0x2cb880x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 00.13340248962655601
                                                                                                                                                                      RT_ICON0x2f1300x1a68Device independent bitmap graphic, 40 x 80 x 32, image size 00.16715976331360946
                                                                                                                                                                      RT_ICON0x30b980x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 00.20309568480300189
                                                                                                                                                                      RT_ICON0x31c400x988Device independent bitmap graphic, 24 x 48 x 32, image size 00.2721311475409836
                                                                                                                                                                      RT_ICON0x325c80x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 00.34244186046511627
                                                                                                                                                                      RT_ICON0x32c800x468Device independent bitmap graphic, 16 x 32 x 32, image size 00.41932624113475175
                                                                                                                                                                      RT_GROUP_ICON0x330e80x76data0.7457627118644068
                                                                                                                                                                      DLLImport
                                                                                                                                                                      gdi32.dllSetPixel, SetDCBrushColor, SelectPalette, GetTextColor, GetDeviceCaps, CreateSolidBrush
                                                                                                                                                                      USER32.dllDefWindowProcW, CreateMenu, EndDialog, GetDlgItem, GetKeyNameTextW, GetMessageW, GetWindowTextW, IsDlgButtonChecked, LoadImageW, LoadMenuW, DialogBoxParamW
                                                                                                                                                                      KERNEL32.dllSetLastError, LoadLibraryW, GetTickCount, GetLastError, GetCommandLineW, GetCommandLineA, FreeLibrary
                                                                                                                                                                      No network behavior found

                                                                                                                                                                      Click to jump to process

                                                                                                                                                                      Click to jump to process

                                                                                                                                                                      Click to dive into process behavior distribution

                                                                                                                                                                      Click to jump to process

                                                                                                                                                                      Target ID:0
                                                                                                                                                                      Start time:08:19:02
                                                                                                                                                                      Start date:26/04/2024
                                                                                                                                                                      Path:C:\Users\user\Desktop\Document.doc.scr.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\Document.doc.scr.exe"
                                                                                                                                                                      Imagebase:0xa30000
                                                                                                                                                                      File size:199'168 bytes
                                                                                                                                                                      MD5 hash:6FD558CF3ADD096970E15D1E62CA1957
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Yara matches:
                                                                                                                                                                      • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000002.2167543480.0000000000E2E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: Windows_Ransomware_Lockbit_369e1e94, Description: unknown, Source: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                                                                                                                                                                      • Rule: JoeSecurity_LockBit_ransomware, Description: Yara detected LockBit ransomware, Source: 00000000.00000000.1731561851.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: Windows_Ransomware_Lockbit_369e1e94, Description: unknown, Source: 00000000.00000000.1731561851.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:5
                                                                                                                                                                      Start time:08:19:31
                                                                                                                                                                      Start date:26/04/2024
                                                                                                                                                                      Path:C:\Windows\splwow64.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\splwow64.exe 12288
                                                                                                                                                                      Imagebase:0x7ff6bb5f0000
                                                                                                                                                                      File size:163'840 bytes
                                                                                                                                                                      MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:moderate
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:8
                                                                                                                                                                      Start time:08:19:45
                                                                                                                                                                      Start date:26/04/2024
                                                                                                                                                                      Path:C:\ProgramData\53F6.tmp
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\ProgramData\53F6.tmp"
                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                      File size:14'336 bytes
                                                                                                                                                                      MD5 hash:294E9F64CB1642DD89229FFF0592856B
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                      • Detection: 100%, Avira
                                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                      • Detection: 83%, ReversingLabs
                                                                                                                                                                      • Detection: 83%, Virustotal, Browse
                                                                                                                                                                      Reputation:moderate
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:9
                                                                                                                                                                      Start time:08:19:46
                                                                                                                                                                      Start date:26/04/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:/insertdoc "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\{176D7C24-A4D1-46CD-8C67-F702A592CA85}.xps" 133585859721470000
                                                                                                                                                                      Imagebase:0xaa0000
                                                                                                                                                                      File size:2'191'768 bytes
                                                                                                                                                                      MD5 hash:0061760D72416BCF5F2D9FA6564F0BEA
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:moderate
                                                                                                                                                                      Has exited:false

                                                                                                                                                                      Target ID:10
                                                                                                                                                                      Start time:08:19:46
                                                                                                                                                                      Start date:26/04/2024
                                                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\53F6.tmp >> NUL
                                                                                                                                                                      Imagebase:0x240000
                                                                                                                                                                      File size:236'544 bytes
                                                                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:high
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:11
                                                                                                                                                                      Start time:08:19:47
                                                                                                                                                                      Start date:26/04/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:high
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Reset < >

                                                                                                                                                                        Execution Graph

                                                                                                                                                                        Execution Coverage:21.9%
                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                        Signature Coverage:16.2%
                                                                                                                                                                        Total number of Nodes:1980
                                                                                                                                                                        Total number of Limit Nodes:12
                                                                                                                                                                        execution_graph 11392 a3aa20 11393 a3aa43 11392->11393 11394 a36844 RtlAllocateHeap 11393->11394 11397 a3ab2f 11393->11397 11395 a3ab03 11394->11395 11396 a3686c RtlFreeHeap 11395->11396 11395->11397 11396->11397 11398 a40220 11410 a4011d 11398->11410 11399 a4028d 11400 a3686c RtlFreeHeap 11399->11400 11402 a4029b 11399->11402 11400->11402 11401 a369e0 RtlAllocateHeap 11401->11410 11403 a40313 11402->11403 11404 a3686c RtlFreeHeap 11402->11404 11405 a40321 11403->11405 11406 a3686c RtlFreeHeap 11403->11406 11404->11403 11407 a4032f 11405->11407 11408 a3686c RtlFreeHeap 11405->11408 11406->11405 11408->11407 11409 a3f6d8 NtSetInformationThread NtClose 11409->11410 11410->11399 11410->11401 11410->11409 11411 a3b3c0 2 API calls 11410->11411 11412 a3686c RtlFreeHeap 11410->11412 11411->11410 11412->11410 11625 a38f66 11626 a38f68 RtlAdjustPrivilege 11625->11626 11627 a397d8 4 API calls 11626->11627 11628 a38fa0 11627->11628 11629 a39880 NtClose 11628->11629 11630 a39010 11628->11630 11632 a38fae 11629->11632 11631 a39035 11630->11631 11634 a38ecc 4 API calls 11630->11634 11632->11630 11633 a38fb7 NtSetInformationThread 11632->11633 11633->11630 11635 a38fcb 11633->11635 11634->11631 11636 a38da8 5 API calls 11635->11636 11637 a38fe0 11636->11637 11637->11630 11638 a39880 NtClose 11637->11638 11639 a38fee 11638->11639 11639->11630 11640 a38be0 2 API calls 11639->11640 11640->11630 11413 a3782a 11414 a3782c CoInitialize 11413->11414 11415 a37861 11414->11415 9292 a4946f 9293 a4947e 9292->9293 9300 a3639c 9293->9300 9297 a4948e 9396 a47458 9297->9396 9441 a35aec 9300->9441 9303 a363b6 RtlCreateHeap 9304 a3654d 9303->9304 9305 a363d1 9303->9305 9351 a39990 9304->9351 9306 a35aec 3 API calls 9305->9306 9307 a363ed 9306->9307 9307->9304 9449 a35da0 9307->9449 9310 a35da0 8 API calls 9311 a36419 9310->9311 9312 a35da0 8 API calls 9311->9312 9313 a3642a 9312->9313 9314 a35da0 8 API calls 9313->9314 9315 a3643b 9314->9315 9316 a35da0 8 API calls 9315->9316 9317 a3644c 9316->9317 9318 a35da0 8 API calls 9317->9318 9319 a3645d 9318->9319 9320 a35da0 8 API calls 9319->9320 9321 a3646e 9320->9321 9322 a35da0 8 API calls 9321->9322 9323 a3647f 9322->9323 9324 a35da0 8 API calls 9323->9324 9325 a36490 9324->9325 9326 a35da0 8 API calls 9325->9326 9327 a364a1 9326->9327 9328 a35da0 8 API calls 9327->9328 9329 a364b2 9328->9329 9330 a35da0 8 API calls 9329->9330 9331 a364c3 9330->9331 9332 a35da0 8 API calls 9331->9332 9333 a364d4 9332->9333 9334 a35da0 8 API calls 9333->9334 9335 a364e5 9334->9335 9336 a35da0 8 API calls 9335->9336 9337 a364f6 9336->9337 9338 a35da0 8 API calls 9337->9338 9339 a36507 9338->9339 9340 a35da0 8 API calls 9339->9340 9341 a36518 9340->9341 9342 a35da0 8 API calls 9341->9342 9343 a36529 9342->9343 9344 a35da0 8 API calls 9343->9344 9345 a3653a 9344->9345 9455 a3b444 9345->9455 9347 a36541 9458 a47738 9347->9458 9352 a39995 9351->9352 9505 a36f48 9352->9505 9354 a3999a 9538 a3b4dc CheckTokenMembership 9354->9538 9356 a399d7 9539 a36d40 9356->9539 9358 a399e6 9359 a399f4 9358->9359 9542 a3bb70 9358->9542 9359->9297 9360 a399b9 9360->9356 9600 a3b4fc 9360->9600 9363 a39a00 9545 a3b708 9363->9545 9372 a39a13 9376 a39a9f 9372->9376 9558 a3b1ac 9372->9558 9374 a39a3c 9374->9372 9613 a3ae74 9374->9613 9378 a3b674 NtQueryInformationToken 9376->9378 9391 a39ade 9376->9391 9388 a39acc 9378->9388 9387 a39a7a 9387->9376 9390 a3686c RtlFreeHeap 9387->9390 9388->9391 9637 a431e8 9388->9637 9392 a39a89 9390->9392 9572 a3c3f8 9391->9572 9393 a3686c RtlFreeHeap 9392->9393 9394 a39a94 9393->9394 9395 a3686c RtlFreeHeap 9394->9395 9395->9376 9397 a47482 9396->9397 9398 a47498 31 API calls 9397->9398 9399 a474a3 9397->9399 9408 a474b2 9397->9408 9700 a39bb0 9399->9700 9403 a47624 9769 a4205c 9403->9769 9404 a47631 9406 a47646 9404->9406 9407 a47637 9404->9407 9409 a47656 9406->9409 9410 a4764c 9406->9410 9411 a39bb0 14 API calls 9407->9411 9408->9403 9408->9404 9414 a47675 9409->9414 9415 a4765c 9409->9415 9853 a473ac 9410->9853 9412 a4763c 9411->9412 9820 a41ef4 9412->9820 9418 a47685 9414->9418 9419 a4767b 9414->9419 9864 a46fa0 9415->9864 9420 a476d8 9418->9420 9421 a4768b 9418->9421 9891 a4390c 9419->9891 9425 a476e7 9420->9425 9426 a476de 9420->9426 9424 a476ba 9421->9424 9898 a46da8 9421->9898 9424->9398 9912 a404b4 9424->9912 9943 a3a338 9425->9943 9428 a46bbc 2 API calls 9426->9428 9428->9398 9433 a4771c 9947 a42428 9433->9947 9434 a3a338 2 API calls 9436 a4770b 9434->9436 9436->9433 9437 a47710 9436->9437 9438 a39bb0 14 API calls 9437->9438 9439 a47715 9438->9439 9440 a47034 136 API calls 9439->9440 9440->9398 9442 a35afe 9441->9442 9443 a35b18 9441->9443 9444 a35aec 3 API calls 9442->9444 9445 a35b40 9443->9445 9446 a35aec 3 API calls 9443->9446 9444->9443 9447 a35c0a 9445->9447 9469 a35a84 9445->9469 9446->9445 9447->9303 9447->9304 9484 a35c24 9449->9484 9451 a35dcb 9451->9310 9452 a35aec 3 API calls 9453 a35ddb RtlAllocateHeap 9452->9453 9454 a35db5 9453->9454 9454->9451 9454->9452 9456 a3b458 NtSetInformationThread 9455->9456 9456->9347 9459 a47754 9458->9459 9499 a36844 9459->9499 9461 a36548 9464 a3b470 9461->9464 9462 a47764 9462->9461 9502 a3686c 9462->9502 9465 a35aec 3 API calls 9464->9465 9466 a3b495 9465->9466 9467 a3b4bb 9466->9467 9468 a3b49e NtProtectVirtualMemory 9466->9468 9467->9304 9468->9467 9470 a35ae2 9469->9470 9471 a35ab0 9469->9471 9470->9445 9471->9470 9476 a35a20 9471->9476 9473 a35ac4 9473->9470 9474 a35ad8 9473->9474 9479 a359d4 9474->9479 9477 a35a37 9476->9477 9478 a35a65 LdrLoadDll 9477->9478 9478->9473 9480 a359e3 9479->9480 9481 a35a04 LdrGetProcedureAddress 9479->9481 9483 a359ef LdrGetProcedureAddress 9480->9483 9482 a35a16 9481->9482 9482->9470 9483->9482 9485 a35c37 9484->9485 9487 a35c51 9484->9487 9486 a35aec 3 API calls 9485->9486 9486->9487 9488 a35c79 9487->9488 9489 a35aec 3 API calls 9487->9489 9490 a35aec 3 API calls 9488->9490 9493 a35ca1 9488->9493 9489->9488 9490->9493 9491 a35ce9 FindFirstFileW 9491->9493 9492 a35d5a 9492->9454 9493->9491 9493->9492 9494 a35d37 FindNextFileW 9493->9494 9495 a35d19 FindClose 9493->9495 9494->9493 9496 a35d4b FindClose 9494->9496 9497 a35a20 LdrLoadDll 9495->9497 9496->9493 9498 a35d30 9497->9498 9498->9454 9500 a3684c 9499->9500 9501 a3685a RtlAllocateHeap 9500->9501 9501->9462 9503 a36874 9502->9503 9504 a36882 RtlFreeHeap 9503->9504 9504->9461 9641 a36de8 9505->9641 9507 a36f60 9508 a37237 9507->9508 9509 a36844 RtlAllocateHeap 9507->9509 9508->9354 9514 a36f7d 9509->9514 9510 a3722f 9511 a3686c RtlFreeHeap 9510->9511 9511->9508 9512 a37221 9513 a3686c RtlFreeHeap 9512->9513 9513->9510 9514->9510 9514->9512 9515 a36844 RtlAllocateHeap 9514->9515 9516 a37000 9514->9516 9515->9516 9517 a37033 9516->9517 9518 a36844 RtlAllocateHeap 9516->9518 9519 a36844 RtlAllocateHeap 9517->9519 9520 a37066 9517->9520 9518->9517 9519->9520 9521 a37099 9520->9521 9522 a36844 RtlAllocateHeap 9520->9522 9524 a36844 RtlAllocateHeap 9521->9524 9525 a370cc 9521->9525 9522->9521 9523 a37132 9529 a37169 9523->9529 9530 a36844 RtlAllocateHeap 9523->9530 9524->9525 9526 a370ff 9525->9526 9527 a36844 RtlAllocateHeap 9525->9527 9526->9523 9528 a36844 RtlAllocateHeap 9526->9528 9527->9526 9528->9523 9529->9512 9531 a36844 RtlAllocateHeap 9529->9531 9530->9529 9532 a371a4 9531->9532 9532->9512 9644 a36ee4 9532->9644 9534 a371cc 9535 a36844 RtlAllocateHeap 9534->9535 9536 a371eb 9535->9536 9536->9512 9537 a3686c RtlFreeHeap 9536->9537 9537->9512 9538->9360 9540 a36844 RtlAllocateHeap 9539->9540 9541 a36d55 9540->9541 9541->9358 9543 a36844 RtlAllocateHeap 9542->9543 9544 a3bb81 9543->9544 9544->9363 9546 a3b715 9545->9546 9547 a39a0a 9546->9547 9548 a3b71c RtlAdjustPrivilege 9546->9548 9549 a3b674 9547->9549 9548->9546 9548->9547 9550 a3b68b 9549->9550 9551 a3b68f NtQueryInformationToken 9550->9551 9552 a39a0f 9550->9552 9551->9552 9552->9372 9553 a3b388 9552->9553 9653 a397d8 9553->9653 9555 a3b3a5 9556 a39a29 9555->9556 9663 a39880 9555->9663 9556->9372 9612 a3b4dc CheckTokenMembership 9556->9612 9559 a3b1ca 9558->9559 9560 a36844 RtlAllocateHeap 9559->9560 9562 a3b1d5 9560->9562 9561 a39a58 9561->9376 9630 a3b5b8 9561->9630 9562->9561 9563 a3686c RtlFreeHeap 9562->9563 9566 a3b1f6 9563->9566 9564 a3b350 9565 a3686c RtlFreeHeap 9564->9565 9565->9561 9566->9564 9670 a36e18 9566->9670 9568 a3b306 9569 a36e18 RtlAllocateHeap 9568->9569 9570 a3b32b 9569->9570 9571 a36e18 RtlAllocateHeap 9570->9571 9571->9564 9573 a39af3 9572->9573 9574 a3c418 9572->9574 9594 a3e2b8 9573->9594 9575 a36de8 RtlAllocateHeap 9574->9575 9576 a3c429 9575->9576 9576->9573 9577 a36844 RtlAllocateHeap 9576->9577 9582 a3c445 9577->9582 9578 a3c645 9579 a3686c RtlFreeHeap 9578->9579 9579->9573 9580 a3c636 9581 a3686c RtlFreeHeap 9580->9581 9581->9578 9582->9578 9582->9580 9583 a3c499 CreateFileW 9582->9583 9583->9580 9584 a3c4ed WriteFile 9583->9584 9584->9580 9585 a3c508 RegCreateKeyExW 9584->9585 9585->9580 9586 a3c531 RegSetValueExW 9585->9586 9588 a3c563 RegCreateKeyExW 9586->9588 9589 a3c62d NtClose 9586->9589 9588->9589 9591 a3c5de RegSetValueExW 9588->9591 9589->9580 9591->9589 9593 a3c612 SHChangeNotify 9591->9593 9593->9589 9595 a3e2d4 9594->9595 9673 a3e350 9595->9673 9597 a3e32a 9598 a39af8 9597->9598 9599 a3686c RtlFreeHeap 9597->9599 9598->9297 9599->9598 9602 a3b511 9600->9602 9601 a399ce 9601->9356 9606 a3babc 9601->9606 9602->9601 9603 a36844 RtlAllocateHeap 9602->9603 9604 a3b54a 9603->9604 9604->9601 9605 a3686c RtlFreeHeap 9604->9605 9605->9601 9607 a3bad1 9606->9607 9608 a3bb66 9607->9608 9677 a39740 9607->9677 9608->9356 9611 a3686c RtlFreeHeap 9611->9608 9612->9374 9614 a3aebf 9613->9614 9625 a3b074 9614->9625 9681 a3ac28 9614->9681 9616 a3aecd 9617 a3afbb 9616->9617 9618 a3b0cf 9616->9618 9616->9625 9619 a36de8 RtlAllocateHeap 9617->9619 9617->9625 9620 a36de8 RtlAllocateHeap 9618->9620 9618->9625 9621 a3afee 9619->9621 9622 a3b0fe 9620->9622 9624 a3686c RtlFreeHeap 9621->9624 9621->9625 9623 a3686c RtlFreeHeap 9622->9623 9622->9625 9623->9625 9626 a3b010 9624->9626 9625->9372 9626->9625 9627 a36de8 RtlAllocateHeap 9626->9627 9628 a3b056 9627->9628 9628->9625 9629 a3686c RtlFreeHeap 9628->9629 9629->9625 9632 a3b5cd 9630->9632 9631 a39a71 9631->9376 9636 a3b4dc CheckTokenMembership 9631->9636 9632->9631 9633 a36844 RtlAllocateHeap 9632->9633 9635 a3b606 9633->9635 9634 a3686c RtlFreeHeap 9634->9631 9635->9631 9635->9634 9636->9387 9638 a431f8 9637->9638 9640 a43256 9638->9640 9690 a42f58 9638->9690 9640->9391 9642 a36844 RtlAllocateHeap 9641->9642 9643 a36df9 9642->9643 9643->9507 9645 a36f0b 9644->9645 9650 a36e8c 9645->9650 9647 a36f2b 9648 a3686c RtlFreeHeap 9647->9648 9649 a36f3f 9648->9649 9649->9534 9651 a36844 RtlAllocateHeap 9650->9651 9652 a36eaf 9651->9652 9652->9647 9654 a36844 RtlAllocateHeap 9653->9654 9655 a397f6 9654->9655 9656 a397f9 NtQuerySystemInformation 9655->9656 9657 a3982c 9655->9657 9667 a36894 9655->9667 9656->9655 9660 a3980f 9656->9660 9659 a3686c RtlFreeHeap 9657->9659 9659->9660 9660->9555 9661 a3686c RtlFreeHeap 9660->9661 9662 a39872 9661->9662 9662->9555 9666 a398a5 9663->9666 9664 a39977 9664->9556 9665 a3996e NtClose 9665->9664 9666->9664 9666->9665 9668 a3689c 9667->9668 9669 a368aa RtlReAllocateHeap 9668->9669 9669->9655 9671 a36844 RtlAllocateHeap 9670->9671 9672 a36e2a 9671->9672 9672->9568 9674 a3e35c 9673->9674 9676 a3e369 9673->9676 9675 a36844 RtlAllocateHeap 9674->9675 9674->9676 9675->9676 9676->9597 9678 a39752 9677->9678 9680 a3977a 9677->9680 9679 a36844 RtlAllocateHeap 9678->9679 9679->9680 9680->9611 9682 a36844 RtlAllocateHeap 9681->9682 9686 a3ac4d 9682->9686 9683 a3ac83 9685 a3686c RtlFreeHeap 9683->9685 9684 a36894 RtlReAllocateHeap 9684->9686 9689 a3ac66 9685->9689 9686->9683 9686->9684 9686->9689 9687 a3686c RtlFreeHeap 9688 a3adb0 9687->9688 9688->9616 9689->9616 9689->9687 9692 a42f69 9690->9692 9691 a430f7 9691->9640 9692->9691 9694 a3b3c0 9692->9694 9695 a3b3d2 9694->9695 9696 a3b3cf 9694->9696 9695->9696 9697 a3b419 NtSetInformationThread 9695->9697 9696->9691 9698 a3b42f NtClose 9697->9698 9699 a3b42e 9697->9699 9698->9696 9699->9698 9701 a39bc3 9700->9701 9702 a39c5e 9700->9702 9984 a37fbc 9701->9984 9709 a47034 9702->9709 9704 a39c11 9706 a39c31 CreateMutexW 9704->9706 9988 a368ec 9706->9988 9707 a404b4 13 API calls 9707->9704 9721 a47051 9709->9721 9710 a47145 CreateThread CreateThread 9712 a47183 9710->9712 9713 a4717e 9710->9713 10484 a37468 GetLogicalDriveStringsW 9710->10484 10489 a3782c CoInitialize 9710->10489 9711 a4711a CreateThread 9711->9710 9715 a47135 9711->9715 10469 a38f68 RtlAdjustPrivilege 9711->10469 9717 a471a4 9712->9717 9718 a4718c CreateThread 9712->9718 9994 a37ca4 OpenSCManagerW 9713->9994 9714 a470bc 9720 a39c64 3 API calls 9714->9720 9726 a470ff 9714->9726 9715->9710 9725 a47221 9717->9725 10002 a3b734 9717->10002 9718->9717 10520 a37e58 9718->10520 9720->9726 9721->9714 9721->9726 10134 a39c64 9721->10134 9723 a4727f 9728 a472a3 9723->9728 9729 a47288 CreateThread 9723->9729 9724 a4726b NtTerminateThread 9724->9723 9725->9723 9725->9724 9726->9710 9726->9711 9733 a47392 9728->9733 9734 a472c3 9728->9734 9729->9728 10528 a39628 9729->10528 9732 a47201 9736 a47214 9732->9736 9742 a3e2b8 2 API calls 9732->9742 10159 a41934 9733->10159 9737 a472cc CreateThread 9734->9737 9760 a472e7 9734->9760 9749 a3e2b8 2 API calls 9736->9749 9737->9760 10491 a3c064 9737->10491 9741 a47339 9746 a3b674 NtQueryInformationToken 9741->9746 9745 a4720f 9742->9745 9744 a3e2b8 2 API calls 9750 a471f2 9744->9750 10058 a3fc88 9745->10058 9747 a4733e 9746->9747 9752 a47342 9747->9752 9753 a47349 9747->9753 9749->9725 10027 a40a38 9750->10027 10155 a38960 9752->10155 10095 a38230 9753->10095 9757 a47390 9757->9398 9759 a471f7 9761 a3e2b8 2 API calls 9759->9761 9760->9741 10080 a3da00 9760->10080 9762 a471fc 9761->9762 10034 a40be4 9762->10034 9764 a47347 9764->9757 10128 a39640 9764->10128 9768 a404b4 13 API calls 9768->9757 9770 a36934 RtlAllocateHeap 9769->9770 9772 a42074 9770->9772 9771 a4210d 9771->9398 9772->9771 9773 a420a5 9772->9773 9774 a42096 9772->9774 10693 a37428 9773->10693 10667 a40000 9774->10667 9778 a42105 9779 a3686c RtlFreeHeap 9778->9779 9779->9771 9780 a42122 9782 a3686c RtlFreeHeap 9780->9782 9781 a36844 RtlAllocateHeap 9818 a420ea 9781->9818 9782->9771 9783 a42196 9787 a3686c RtlFreeHeap 9783->9787 9784 a3a338 2 API calls 9784->9818 9785 a3a280 NtSetInformationThread NtClose 9785->9818 9786 a4236f 9788 a3686c RtlFreeHeap 9786->9788 9787->9771 9788->9771 9789 a4228e 9790 a3686c RtlFreeHeap 9789->9790 9790->9771 9791 a422a1 10705 a3a3dc 9791->10705 9792 a423a1 9798 a36984 RtlAllocateHeap 9792->9798 9793 a3686c RtlFreeHeap 9793->9818 9794 a42271 9795 a3686c RtlFreeHeap 9794->9795 9795->9771 9796 a422c5 9800 a42323 9796->9800 9801 a4232d 9796->9801 9797 a42382 9797->9792 9802 a42397 9797->9802 9803 a423fa 9798->9803 9806 a36984 RtlAllocateHeap 9800->9806 10709 a36a74 9801->10709 9808 a3686c RtlFreeHeap 9802->9808 9809 a3686c RtlFreeHeap 9803->9809 9812 a4232b 9806->9812 9808->9771 9813 a42403 9809->9813 9810 a422b8 9811 a3686c RtlFreeHeap 9810->9811 9811->9771 9814 a3686c RtlFreeHeap 9812->9814 9813->9771 9816 a4096c 11 API calls 9813->9816 9817 a4233e 9814->9817 9815 a3ab68 NtSetInformationThread NtClose 9815->9818 9816->9771 9817->9771 10713 a4096c 9817->10713 9818->9771 9818->9778 9818->9780 9818->9781 9818->9783 9818->9784 9818->9785 9818->9786 9818->9789 9818->9791 9818->9792 9818->9793 9818->9794 9818->9796 9818->9797 9818->9815 10699 a3a958 9818->10699 9821 a41d28 2 API calls 9820->9821 9822 a41f02 9821->9822 9823 a41f06 9822->9823 9824 a41f27 9822->9824 9825 a41f22 9823->9825 9827 a404b4 13 API calls 9823->9827 9826 a39640 2 API calls 9824->9826 9825->9398 9828 a41f2c 9826->9828 9827->9825 9829 a41f30 9828->9829 9830 a41f3a 9828->9830 9832 a47034 136 API calls 9829->9832 10722 a3b4dc CheckTokenMembership 9830->10722 9833 a41f35 9832->9833 9833->9398 9834 a42056 9834->9398 9835 a41ffe 10723 a40e30 9835->10723 9836 a41f3f 9836->9834 9838 a39c64 3 API calls 9836->9838 9841 a41fb5 9836->9841 9838->9841 9839 a39c64 3 API calls 9839->9835 9841->9835 9841->9839 9846 a40e98 3 API calls 9847 a42043 9846->9847 10771 a41170 9847->10771 9850 a38230 14 API calls 9851 a4204f 9850->9851 9852 a416ac 2 API calls 9851->9852 9852->9834 10810 a41be8 9853->10810 9856 a38230 14 API calls 9857 a473bf 9856->9857 9858 a3b674 NtQueryInformationToken 9857->9858 9860 a473d8 9858->9860 9859 a47450 9859->9398 9860->9859 9861 a39640 2 API calls 9860->9861 9862 a47430 9861->9862 9863 a404b4 13 API calls 9862->9863 9863->9859 9865 a43954 RtlAllocateHeap 9864->9865 9869 a46fb2 9865->9869 9866 a47021 9867 a4702f 9866->9867 9868 a3686c RtlFreeHeap 9866->9868 9879 a46bbc 9867->9879 9868->9867 9869->9866 9870 a46ff6 9869->9870 10823 a46490 9869->10823 10841 a43ea0 9870->10841 9876 a47017 9878 a43ea0 2 API calls 9876->9878 9878->9866 9880 a46bd0 9879->9880 9881 a46d9f 9879->9881 9882 a43954 RtlAllocateHeap 9880->9882 9881->9398 9886 a46be0 9882->9886 9883 a46c86 9884 a46d91 9883->9884 9885 a3686c RtlFreeHeap 9883->9885 9884->9881 9887 a3686c RtlFreeHeap 9884->9887 9885->9884 9886->9883 9888 a36844 RtlAllocateHeap 9886->9888 9887->9881 9889 a46ca8 9888->9889 9889->9883 11149 a46688 9889->11149 9892 a43954 RtlAllocateHeap 9891->9892 9896 a4391e 9892->9896 9893 a43942 9894 a43950 9893->9894 9895 a3686c RtlFreeHeap 9893->9895 9894->9398 9895->9894 9896->9893 11159 a43784 9896->11159 9899 a46dc4 9898->9899 9900 a36de8 RtlAllocateHeap 9899->9900 9901 a46ed5 9900->9901 9902 a36de8 RtlAllocateHeap 9901->9902 9911 a46ede 9901->9911 9903 a46eef 9902->9903 9907 a36de8 RtlAllocateHeap 9903->9907 9903->9911 9904 a46f7b 9906 a46f89 9904->9906 9908 a3686c RtlFreeHeap 9904->9908 9905 a3686c RtlFreeHeap 9905->9904 9909 a46f97 9906->9909 9910 a3686c RtlFreeHeap 9906->9910 9907->9911 9908->9906 9909->9424 9910->9909 9911->9904 9911->9905 9913 a404e9 9912->9913 9914 a36de8 RtlAllocateHeap 9913->9914 9915 a40562 9914->9915 9916 a36844 RtlAllocateHeap 9915->9916 9917 a4056b 9915->9917 9919 a40582 9916->9919 9918 a40930 9917->9918 9920 a3686c RtlFreeHeap 9917->9920 9921 a4093e 9918->9921 9923 a3686c RtlFreeHeap 9918->9923 9919->9917 11177 a40338 9919->11177 9920->9918 9924 a4094c 9921->9924 9926 a3686c RtlFreeHeap 9921->9926 9923->9921 9927 a4095a 9924->9927 9928 a3686c RtlFreeHeap 9924->9928 9925 a405b3 9925->9917 9929 a405d4 GetTempFileNameW CreateFileW 9925->9929 9926->9924 9927->9398 9928->9927 9929->9917 9930 a40619 WriteFile 9929->9930 9930->9917 9931 a40635 CreateProcessW 9930->9931 9931->9917 9933 a4069f NtQueryInformationProcess 9931->9933 9933->9917 9934 a406c3 NtReadVirtualMemory 9933->9934 9934->9917 9935 a406ea 9934->9935 9936 a36de8 RtlAllocateHeap 9935->9936 9937 a406f4 9936->9937 9937->9917 9938 a40758 NtProtectVirtualMemory 9937->9938 9938->9917 9939 a40784 NtWriteVirtualMemory 9938->9939 9939->9917 9940 a4079e 9939->9940 9940->9917 9941 a40829 CreateNamedPipeW 9940->9941 9941->9917 9942 a40895 ResumeThread ConnectNamedPipe 9941->9942 9942->9917 9944 a3a35b 9943->9944 9945 a3a375 9944->9945 9946 a3b3c0 2 API calls 9944->9946 9945->9433 9945->9434 9946->9945 9948 a36934 RtlAllocateHeap 9947->9948 9950 a42440 9948->9950 9949 a3a338 2 API calls 9949->9950 9950->9949 9951 a425bc 9950->9951 9953 a424db 9950->9953 9954 a424ee 9950->9954 9955 a3a280 NtSetInformationThread NtClose 9950->9955 9956 a424c6 9950->9956 9957 a425cf 9950->9957 9959 a424be 9950->9959 9960 a425ee 9950->9960 9964 a42512 9950->9964 9978 a3ab68 NtSetInformationThread NtClose 9950->9978 9981 a3686c RtlFreeHeap 9950->9981 9952 a3686c RtlFreeHeap 9951->9952 9952->9956 9958 a3686c RtlFreeHeap 9953->9958 9962 a3a3dc 2 API calls 9954->9962 9955->9950 9956->9398 9957->9960 9969 a425e4 9957->9969 9958->9956 9963 a3686c RtlFreeHeap 9959->9963 9961 a36984 RtlAllocateHeap 9960->9961 9965 a42647 9961->9965 9966 a42501 9962->9966 9963->9956 9967 a42570 9964->9967 9968 a4257a 9964->9968 9971 a3686c RtlFreeHeap 9965->9971 9966->9964 9972 a42505 9966->9972 9973 a36984 RtlAllocateHeap 9967->9973 9974 a36a74 RtlAllocateHeap 9968->9974 9970 a3686c RtlFreeHeap 9969->9970 9970->9956 9975 a42650 9971->9975 9976 a3686c RtlFreeHeap 9972->9976 9977 a42578 9973->9977 9974->9977 9975->9956 9980 a4096c 11 API calls 9975->9980 9976->9956 9979 a3686c RtlFreeHeap 9977->9979 9978->9950 9982 a4258b 9979->9982 9980->9956 9981->9950 9982->9956 9983 a4096c 11 API calls 9982->9983 9983->9956 9985 a37fd5 9984->9985 9987 a3808e 9985->9987 9991 a368c0 9985->9991 9987->9704 9987->9707 9989 a3686c RtlFreeHeap 9988->9989 9990 a368fb 9989->9990 9990->9702 9992 a36844 RtlAllocateHeap 9991->9992 9993 a368d6 9992->9993 9993->9987 9995 a37cd2 9994->9995 9996 a37dda 9994->9996 9998 a36844 RtlAllocateHeap 9995->9998 9997 a37df7 9996->9997 9999 a3686c RtlFreeHeap 9996->9999 9997->9712 10000 a37d01 9998->10000 9999->9997 10000->9996 10188 a3dc60 10000->10188 10003 a368c0 RtlAllocateHeap 10002->10003 10004 a3b73c 10003->10004 10005 a3b742 NtSetInformationProcess NtSetInformationProcess NtSetInformationProcess 10004->10005 10006 a3b784 10004->10006 10007 a368ec RtlFreeHeap 10005->10007 10008 a3e1e8 10006->10008 10007->10006 10011 a3e1f5 10008->10011 10009 a3e25a 10009->9725 10009->9732 10014 a3a68c 10009->10014 10010 a3e22a CreateThread 10010->10011 10192 a3de78 SetThreadPriority 10010->10192 10011->10009 10011->10010 10012 a3b444 NtSetInformationThread 10011->10012 10013 a3e24b NtClose 10012->10013 10013->10011 10015 a3a6b3 GetVolumeNameForVolumeMountPointW 10014->10015 10017 a3a6f6 FindFirstVolumeW 10015->10017 10018 a3a947 10017->10018 10025 a3a712 10017->10025 10018->9744 10019 a3a72b GetVolumePathNamesForVolumeNameW 10019->10025 10020 a3a75c GetDriveTypeW 10020->10025 10021 a3a7fd CreateFileW 10022 a3a823 DeviceIoControl 10021->10022 10023 a3a916 NtClose 10021->10023 10022->10023 10022->10025 10023->10025 10024 a3a600 6 API calls 10024->10025 10025->10018 10025->10019 10025->10020 10025->10021 10025->10023 10025->10024 10200 a3a600 10025->10200 10029 a40a92 10027->10029 10028 a40b63 10028->9759 10029->10028 10032 a40b08 10029->10032 10212 a3b4dc CheckTokenMembership 10029->10212 10031 a40b0c 10031->9759 10032->10031 10213 a36984 10032->10213 10035 a40bf9 10034->10035 10036 a3a488 6 API calls 10035->10036 10037 a40c0b 10036->10037 10038 a36844 RtlAllocateHeap 10037->10038 10057 a40c11 10037->10057 10040 a40c23 10038->10040 10039 a40e0a 10042 a40e18 10039->10042 10043 a3686c RtlFreeHeap 10039->10043 10045 a3a488 6 API calls 10040->10045 10040->10057 10041 a3686c RtlFreeHeap 10041->10039 10044 a40e26 10042->10044 10047 a3686c RtlFreeHeap 10042->10047 10043->10042 10044->9732 10046 a40c40 10045->10046 10048 a36844 RtlAllocateHeap 10046->10048 10046->10057 10047->10044 10049 a40c5b 10048->10049 10050 a36844 RtlAllocateHeap 10049->10050 10049->10057 10052 a40c76 10050->10052 10053 a36984 RtlAllocateHeap 10052->10053 10055 a36984 RtlAllocateHeap 10052->10055 10056 a3b3c0 2 API calls 10052->10056 10052->10057 10217 a3a1c0 CreateThread 10052->10217 10054 a40cd2 CreateThread 10053->10054 10054->10052 10226 a3f308 GetFileAttributesW 10054->10226 10055->10052 10056->10052 10057->10039 10057->10041 10059 a3fcb4 10058->10059 10060 a36844 RtlAllocateHeap 10059->10060 10061 a3fcc1 10060->10061 10074 a3fcca 10061->10074 10388 a3f82c CoInitialize 10061->10388 10064 a3ffdb 10066 a3ffe9 10064->10066 10067 a3686c RtlFreeHeap 10064->10067 10065 a3686c RtlFreeHeap 10065->10064 10068 a3fff7 10066->10068 10070 a3686c RtlFreeHeap 10066->10070 10067->10066 10068->9736 10069 a36844 RtlAllocateHeap 10071 a3fcf7 10069->10071 10070->10068 10072 a36844 RtlAllocateHeap 10071->10072 10071->10074 10079 a3fd12 10072->10079 10073 a3f59c NtSetInformationThread NtClose 10073->10079 10074->10064 10074->10065 10076 a3f6d8 NtSetInformationThread NtClose 10076->10079 10077 a3b3c0 2 API calls 10077->10079 10078 a3686c RtlFreeHeap 10078->10079 10079->10073 10079->10074 10079->10076 10079->10077 10079->10078 10394 a369e0 10079->10394 10398 a3cedc 10080->10398 10082 a3da39 10089 a36de8 RtlAllocateHeap 10082->10089 10090 a3da42 10082->10090 10083 a3db6a 10084 a3db78 10083->10084 10086 a3686c RtlFreeHeap 10083->10086 10087 a3db86 10084->10087 10088 a3686c RtlFreeHeap 10084->10088 10085 a3686c RtlFreeHeap 10085->10083 10086->10084 10087->9741 10088->10087 10091 a3da8f 10089->10091 10090->10083 10090->10085 10091->10090 10092 a36844 RtlAllocateHeap 10091->10092 10093 a3dac5 10092->10093 10093->10090 10402 a3cfcc 10093->10402 10096 a3828b 10095->10096 10100 a38290 10095->10100 10097 a38909 10096->10097 10098 a3686c RtlFreeHeap 10096->10098 10099 a3686c RtlFreeHeap 10097->10099 10102 a38917 10097->10102 10098->10097 10099->10102 10100->10096 10441 a40e98 10100->10441 10102->9764 10103 a382ed 10103->10096 10104 a36844 RtlAllocateHeap 10103->10104 10105 a383cf 10104->10105 10105->10096 10106 a38401 10105->10106 10107 a383e7 10105->10107 10108 a36de8 RtlAllocateHeap 10106->10108 10109 a36de8 RtlAllocateHeap 10107->10109 10110 a383f1 10108->10110 10109->10110 10110->10096 10111 a38434 10110->10111 10113 a38448 10110->10113 10112 a3686c RtlFreeHeap 10111->10112 10112->10096 10113->10096 10114 a384fb DrawTextW 10113->10114 10114->10096 10115 a38523 10114->10115 10115->10096 10116 a3865d CreateFileW 10115->10116 10116->10096 10117 a38686 WriteFile 10116->10117 10117->10096 10118 a386a7 WriteFile 10117->10118 10118->10096 10119 a386c5 WriteFile 10118->10119 10119->10096 10120 a386e3 10119->10120 10448 a36c98 10120->10448 10122 a38705 10122->10096 10123 a38788 RegCreateKeyExW 10122->10123 10123->10096 10124 a387b9 10123->10124 10125 a387f2 RegSetValueExW 10124->10125 10125->10096 10126 a3881f 10125->10126 10127 a3887e RegSetValueExW 10126->10127 10127->10096 10131 a39669 10128->10131 10129 a39735 10129->9768 10130 a3686c RtlFreeHeap 10130->10129 10133 a39698 10131->10133 10454 a3c8c4 10131->10454 10133->10129 10133->10130 10136 a39c96 10134->10136 10135 a39c9a 10135->9714 10136->10135 10460 a43954 10136->10460 10138 a3a04a 10141 a3a05e 10138->10141 10143 a3686c RtlFreeHeap 10138->10143 10139 a39e11 10147 a3b674 NtQueryInformationToken 10139->10147 10154 a39e20 10139->10154 10140 a3686c RtlFreeHeap 10140->10138 10142 a3a072 10141->10142 10144 a3686c RtlFreeHeap 10141->10144 10145 a3a086 10142->10145 10146 a3686c RtlFreeHeap 10142->10146 10143->10141 10144->10142 10145->9714 10146->10145 10148 a39ee2 10147->10148 10149 a36de8 RtlAllocateHeap 10148->10149 10148->10154 10150 a39f25 10149->10150 10151 a36de8 RtlAllocateHeap 10150->10151 10150->10154 10152 a39f45 10151->10152 10153 a36de8 RtlAllocateHeap 10152->10153 10152->10154 10153->10154 10154->10138 10154->10140 10156 a38971 10155->10156 10157 a3b3c0 2 API calls 10156->10157 10158 a38b6c 10156->10158 10157->10158 10158->9764 10160 a36de8 RtlAllocateHeap 10159->10160 10164 a41967 10160->10164 10161 a41aa8 10163 a41ab6 10161->10163 10165 a3686c RtlFreeHeap 10161->10165 10162 a3686c RtlFreeHeap 10162->10161 10166 a41ac4 10163->10166 10168 a3686c RtlFreeHeap 10163->10168 10173 a41970 10164->10173 10463 a418b8 10164->10463 10165->10163 10176 a41d28 10166->10176 10168->10166 10169 a419a4 10170 a36934 RtlAllocateHeap 10169->10170 10169->10173 10171 a419bf 10170->10171 10172 a36de8 RtlAllocateHeap 10171->10172 10171->10173 10174 a41a25 10172->10174 10173->10161 10173->10162 10175 a3686c RtlFreeHeap 10174->10175 10175->10173 10177 a41e2c 10176->10177 10181 a41e5a 10177->10181 10466 a41c34 10177->10466 10179 a41eeb 10182 a416ac 10179->10182 10180 a3686c RtlFreeHeap 10180->10179 10181->10179 10181->10180 10183 a416c4 10182->10183 10184 a36de8 RtlAllocateHeap 10183->10184 10185 a416fe 10184->10185 10186 a41707 10185->10186 10187 a3686c RtlFreeHeap 10185->10187 10186->9757 10187->10186 10189 a3dcba 10188->10189 10190 a3dcd2 10189->10190 10191 a3dcbe NtTerminateProcess 10189->10191 10190->10000 10191->10190 10199 a3de8f 10192->10199 10193 a3def1 ReadFile 10193->10199 10194 a3e0aa WriteFile 10194->10199 10195 a3e150 NtClose 10195->10199 10196 a3dee2 10197 a3686c RtlFreeHeap 10197->10199 10198 a3e031 WriteFile 10198->10199 10199->10193 10199->10194 10199->10195 10199->10196 10199->10197 10199->10198 10203 a3a488 CreateThread 10200->10203 10202 a3a630 10202->10023 10204 a3a524 10203->10204 10206 a3a4c8 10203->10206 10211 a3a470 GetLogicalDriveStringsW 10203->10211 10204->10202 10205 a3a4fa ResumeThread 10208 a3a50e GetExitCodeThread 10205->10208 10206->10205 10207 a3b3c0 2 API calls 10206->10207 10209 a3a4d9 10207->10209 10208->10204 10209->10205 10210 a3a4dd 10209->10210 10210->10202 10212->10032 10214 a3699c 10213->10214 10215 a36844 RtlAllocateHeap 10214->10215 10216 a369b2 10214->10216 10215->10216 10216->10028 10218 a3a1f3 10217->10218 10219 a3a24f 10217->10219 10225 a3a1b0 GetDriveTypeW 10217->10225 10220 a3a225 ResumeThread 10218->10220 10221 a3b3c0 2 API calls 10218->10221 10219->10052 10222 a3a239 GetExitCodeThread 10220->10222 10223 a3a204 10221->10223 10222->10219 10223->10220 10224 a3a208 10223->10224 10224->10052 10227 a3f37f SetThreadPriority 10226->10227 10229 a3f321 10226->10229 10232 a3f38e 10227->10232 10228 a3f371 10230 a3686c RtlFreeHeap 10228->10230 10229->10228 10308 a3a094 FindFirstFileExW 10229->10308 10233 a3f379 10230->10233 10235 a36844 RtlAllocateHeap 10232->10235 10246 a3f3ad 10235->10246 10236 a3f34b 10237 a3c19c 10 API calls 10236->10237 10239 a3f355 10237->10239 10241 a3ef6c 14 API calls 10239->10241 10244 a3f36b 10241->10244 10242 a3686c RtlFreeHeap 10243 a3f3dd FindFirstFileExW 10242->10243 10243->10246 10245 a3686c RtlFreeHeap 10245->10246 10246->10242 10246->10245 10247 a3f54c 10246->10247 10249 a3f514 FindNextFileW 10246->10249 10252 a3f1c8 RtlAllocateHeap 10246->10252 10254 a3c19c 10246->10254 10273 a3f164 10246->10273 10277 a3ef6c 10246->10277 10248 a3686c RtlFreeHeap 10247->10248 10250 a3f56f 10248->10250 10249->10246 10251 a3f52c FindClose 10249->10251 10251->10246 10252->10246 10255 a3c1b8 10254->10255 10269 a3c1b3 10254->10269 10311 a36934 10255->10311 10258 a3c1d0 GetFileAttributesW 10259 a3c1e0 10258->10259 10260 a3c225 10259->10260 10261 a3c23e 10259->10261 10262 a3c28c 5 API calls 10260->10262 10263 a3c255 GetFileAttributesW 10261->10263 10272 a3c246 10261->10272 10264 a3c22d 10262->10264 10266 a3c262 10263->10266 10267 a3c26e CopyFileW 10263->10267 10268 a3686c RtlFreeHeap 10264->10268 10270 a3686c RtlFreeHeap 10266->10270 10271 a3686c RtlFreeHeap 10267->10271 10268->10269 10269->10246 10270->10272 10271->10269 10315 a3c28c CreateFileW 10272->10315 10274 a3f17c 10273->10274 10275 a36844 RtlAllocateHeap 10274->10275 10276 a3f192 10274->10276 10275->10276 10276->10246 10278 a3f155 10277->10278 10279 a3ef8d 10277->10279 10278->10246 10326 a3e3ac 10279->10326 10282 a3f14d 10284 a3686c RtlFreeHeap 10282->10284 10284->10278 10285 a3efa5 10285->10282 10286 a3efb9 10285->10286 10287 a3efcc 10285->10287 10359 a3ec00 10286->10359 10363 a3ece4 10287->10363 10290 a3efe7 MoveFileExW 10291 a3eff9 10290->10291 10297 a3efc7 10290->10297 10293 a3f051 CreateFileW 10291->10293 10307 a3f075 10291->10307 10292 a3f034 10295 a3686c RtlFreeHeap 10292->10295 10296 a3f07a 10293->10296 10293->10307 10294 a3686c RtlFreeHeap 10294->10297 10295->10291 10339 a3ed30 10296->10339 10297->10282 10297->10290 10297->10291 10297->10292 10297->10294 10299 a3ece4 RtlAllocateHeap 10297->10299 10298 a3686c RtlFreeHeap 10298->10282 10299->10297 10302 a3f0a3 CreateIoCompletionPort 10303 a3f0ba 10302->10303 10305 a3f0dc 10302->10305 10304 a3686c RtlFreeHeap 10303->10304 10304->10307 10306 a3686c RtlFreeHeap 10305->10306 10305->10307 10306->10307 10307->10282 10307->10298 10309 a3a0e5 10308->10309 10310 a3a0c5 FindClose 10308->10310 10309->10228 10309->10236 10310->10309 10312 a3694a 10311->10312 10313 a36961 10312->10313 10314 a36844 RtlAllocateHeap 10312->10314 10313->10258 10313->10269 10314->10313 10316 a3c3ed 10315->10316 10317 a3c2bd 10315->10317 10316->10269 10318 a3c2f5 WriteFile 10317->10318 10319 a3c31a 10318->10319 10320 a3c32c WriteFile 10318->10320 10319->10269 10321 a3c353 10320->10321 10322 a3c365 WriteFile 10320->10322 10321->10269 10323 a3c38a 10322->10323 10324 a3c39c WriteFile 10322->10324 10323->10269 10324->10317 10325 a3c3c3 10324->10325 10325->10269 10327 a3e3c5 SetFileAttributesW CreateFileW 10326->10327 10328 a3e3f3 10327->10328 10330 a3e40b 10327->10330 10328->10327 10328->10330 10367 a3de48 10328->10367 10330->10282 10331 a3e45c SetFileAttributesW CreateFileW 10330->10331 10332 a3e49c SetFilePointerEx 10331->10332 10334 a3e508 10331->10334 10333 a3e4bb ReadFile 10332->10333 10332->10334 10333->10334 10335 a3e4da 10333->10335 10334->10285 10336 a3e350 RtlAllocateHeap 10335->10336 10337 a3e4eb 10336->10337 10337->10334 10338 a3686c RtlFreeHeap 10337->10338 10338->10334 10341 a3ed60 10339->10341 10340 a3ed91 10343 a36844 RtlAllocateHeap 10340->10343 10341->10340 10342 a3e2b8 2 API calls 10341->10342 10342->10340 10350 a3ed9d 10343->10350 10344 a3686c RtlFreeHeap 10346 a3ef39 10344->10346 10345 a3ef47 10348 a3ef55 10345->10348 10349 a3686c RtlFreeHeap 10345->10349 10346->10345 10347 a3686c RtlFreeHeap 10346->10347 10347->10345 10348->10302 10348->10307 10349->10348 10351 a36844 RtlAllocateHeap 10350->10351 10358 a3eee4 10350->10358 10352 a3edfa 10351->10352 10353 a36844 RtlAllocateHeap 10352->10353 10352->10358 10354 a3ee29 10353->10354 10355 a36844 RtlAllocateHeap 10354->10355 10354->10358 10356 a3eedb 10355->10356 10357 a3686c RtlFreeHeap 10356->10357 10356->10358 10357->10358 10358->10344 10358->10346 10360 a3ec0d 10359->10360 10361 a36934 RtlAllocateHeap 10360->10361 10362 a3ec19 10361->10362 10362->10297 10364 a3ecf2 10363->10364 10365 a36934 RtlAllocateHeap 10364->10365 10366 a3ed01 10365->10366 10366->10297 10368 a3de53 10367->10368 10369 a3de60 10368->10369 10373 a3dce4 10368->10373 10371 a3de71 10369->10371 10372 a3de66 Sleep 10369->10372 10371->10328 10372->10371 10376 a3dd1b 10373->10376 10374 a3ddf0 10375 a3de3d 10374->10375 10377 a3686c RtlFreeHeap 10374->10377 10375->10369 10376->10374 10378 a36844 RtlAllocateHeap 10376->10378 10377->10375 10379 a3dd74 10378->10379 10379->10374 10380 a36894 RtlReAllocateHeap 10379->10380 10381 a3dd9d 10379->10381 10380->10379 10381->10374 10383 a3dc60 NtTerminateProcess 10381->10383 10384 a3db90 10381->10384 10383->10381 10386 a3dbb0 10384->10386 10385 a3dc2d 10385->10381 10386->10385 10387 a3dc60 NtTerminateProcess 10386->10387 10387->10385 10389 a3fa12 10388->10389 10391 a3f869 10388->10391 10389->10069 10389->10074 10390 a36844 RtlAllocateHeap 10390->10391 10391->10390 10392 a3f8ee 10391->10392 10392->10389 10393 a36844 RtlAllocateHeap 10392->10393 10393->10392 10395 a369f9 10394->10395 10396 a36844 RtlAllocateHeap 10395->10396 10397 a36a19 10396->10397 10397->10079 10399 a3cef8 10398->10399 10400 a36844 RtlAllocateHeap 10399->10400 10401 a3cf7d 10399->10401 10400->10401 10401->10082 10403 a3d01f 10402->10403 10404 a3d024 10402->10404 10406 a3d45e 10403->10406 10407 a3686c RtlFreeHeap 10403->10407 10404->10403 10405 a36844 RtlAllocateHeap 10404->10405 10413 a3d065 10405->10413 10408 a3d46c 10406->10408 10409 a3686c RtlFreeHeap 10406->10409 10407->10406 10410 a3d47a 10408->10410 10411 a3686c RtlFreeHeap 10408->10411 10409->10408 10412 a3d488 10410->10412 10414 a3686c RtlFreeHeap 10410->10414 10411->10410 10415 a3d496 10412->10415 10416 a3686c RtlFreeHeap 10412->10416 10413->10403 10429 a3d67c 10413->10429 10414->10412 10417 a3d4a4 10415->10417 10419 a3686c RtlFreeHeap 10415->10419 10416->10415 10417->10090 10419->10417 10420 a3d08e 10420->10403 10433 a3d4b0 10420->10433 10422 a3d0a1 10422->10403 10437 a3d638 10422->10437 10425 a36de8 RtlAllocateHeap 10426 a3d0cc 10425->10426 10426->10403 10427 a36844 RtlAllocateHeap 10426->10427 10428 a3686c RtlFreeHeap 10426->10428 10427->10426 10428->10426 10430 a3d6a7 10429->10430 10431 a36844 RtlAllocateHeap 10430->10431 10432 a3d7a4 10431->10432 10432->10420 10434 a3d540 10433->10434 10435 a36844 RtlAllocateHeap 10434->10435 10436 a3d57e 10435->10436 10436->10422 10438 a3d657 10437->10438 10439 a36de8 RtlAllocateHeap 10438->10439 10440 a3d0b4 10439->10440 10440->10403 10440->10425 10442 a40edf 10441->10442 10443 a40fee RegCreateKeyExW 10442->10443 10447 a40f2c 10442->10447 10444 a4101b RegQueryValueExW 10443->10444 10443->10447 10445 a4104a 10444->10445 10446 a41096 RegDeleteKeyExW 10445->10446 10445->10447 10446->10447 10447->10103 10449 a36cd2 NtQueryInformationToken 10448->10449 10450 a36cbb 10448->10450 10451 a36ccd 10449->10451 10450->10449 10450->10451 10452 a36d24 10451->10452 10453 a3686c RtlFreeHeap 10451->10453 10452->10122 10453->10452 10455 a3c8e5 10454->10455 10456 a36844 RtlAllocateHeap 10455->10456 10458 a3c8f5 10456->10458 10457 a3c917 10457->10133 10458->10457 10459 a3686c RtlFreeHeap 10458->10459 10459->10457 10461 a36844 RtlAllocateHeap 10460->10461 10462 a4396b 10461->10462 10462->10139 10464 a36844 RtlAllocateHeap 10463->10464 10465 a418ce 10464->10465 10465->10169 10467 a36844 RtlAllocateHeap 10466->10467 10468 a41c4e 10467->10468 10468->10181 10470 a397d8 4 API calls 10469->10470 10471 a38fa0 10470->10471 10472 a39010 10471->10472 10473 a39880 NtClose 10471->10473 10474 a39035 10472->10474 10544 a38ecc 10472->10544 10475 a38fae 10473->10475 10475->10472 10476 a38fb7 NtSetInformationThread 10475->10476 10476->10472 10478 a38fcb 10476->10478 10533 a38da8 10478->10533 10480 a38fe0 10480->10472 10481 a39880 NtClose 10480->10481 10482 a38fee 10481->10482 10482->10472 10538 a38be0 10482->10538 10485 a374b3 10484->10485 10486 a3748b 10484->10486 10486->10485 10487 a37494 GetDriveTypeW 10486->10487 10547 a374bc 10486->10547 10487->10486 10490 a37861 10489->10490 10492 a36de8 RtlAllocateHeap 10491->10492 10493 a3c080 10492->10493 10494 a3c16b 10493->10494 10496 a36844 RtlAllocateHeap 10493->10496 10495 a3c179 10494->10495 10497 a3686c RtlFreeHeap 10494->10497 10498 a3c187 10495->10498 10500 a3686c RtlFreeHeap 10495->10500 10502 a3c097 10496->10502 10497->10495 10499 a3c195 10498->10499 10501 a3686c RtlFreeHeap 10498->10501 10500->10498 10501->10499 10502->10494 10503 a3686c RtlFreeHeap 10502->10503 10504 a3c0c5 10503->10504 10505 a36844 RtlAllocateHeap 10504->10505 10506 a3c0d5 10505->10506 10506->10494 10507 a36ee4 2 API calls 10506->10507 10508 a3c0eb 10507->10508 10509 a3686c RtlFreeHeap 10508->10509 10510 a3c108 10509->10510 10607 a3bf94 10510->10607 10513 a3c14a 10515 a3bf94 8 API calls 10513->10515 10514 a3b3c0 2 API calls 10514->10513 10516 a3c155 10515->10516 10517 a3bf94 8 API calls 10516->10517 10518 a3c160 10517->10518 10519 a3bf94 8 API calls 10518->10519 10519->10494 10523 a37e60 10520->10523 10521 a36844 RtlAllocateHeap 10521->10523 10522 a37e72 NtQuerySystemInformation 10522->10523 10523->10521 10523->10522 10524 a36894 RtlReAllocateHeap 10523->10524 10525 a3686c RtlFreeHeap 10523->10525 10526 a3686c RtlFreeHeap 10523->10526 10524->10523 10525->10523 10527 a37f40 Sleep 10526->10527 10527->10523 10638 a391c8 10528->10638 10530 a3962d 10531 a3963c 10530->10531 10655 a390bc 10530->10655 10534 a397d8 4 API calls 10533->10534 10535 a38dd3 10534->10535 10536 a38de0 OpenSCManagerW 10535->10536 10537 a38df9 10535->10537 10536->10537 10537->10480 10537->10537 10539 a38c11 10538->10539 10541 a36844 RtlAllocateHeap 10539->10541 10543 a38c4d 10539->10543 10540 a38d9c 10540->10472 10541->10543 10542 a3686c RtlFreeHeap 10542->10540 10543->10540 10543->10542 10545 a397d8 4 API calls 10544->10545 10546 a38ee5 10545->10546 10546->10474 10555 a37590 10547->10555 10549 a37580 10549->10486 10550 a374d4 10550->10549 10551 a37506 FindFirstFileExW 10550->10551 10551->10549 10553 a3752e 10551->10553 10552 a3756c FindNextFileW 10552->10549 10552->10553 10553->10552 10561 a3766c 10553->10561 10556 a375b0 FindFirstFileExW 10555->10556 10558 a37662 10556->10558 10559 a3760e FindClose 10556->10559 10558->10550 10559->10558 10562 a3768e 10561->10562 10563 a37822 10562->10563 10564 a36844 RtlAllocateHeap 10562->10564 10563->10552 10569 a376a6 10564->10569 10565 a377fd 10566 a37814 10565->10566 10567 a3686c RtlFreeHeap 10565->10567 10566->10563 10568 a3686c RtlFreeHeap 10566->10568 10567->10566 10568->10563 10569->10565 10570 a376de FindFirstFileExW 10569->10570 10570->10565 10574 a37706 10570->10574 10571 a377e5 FindNextFileW 10571->10565 10571->10574 10572 a36844 RtlAllocateHeap 10572->10574 10573 a37780 GetFileAttributesW 10573->10574 10574->10571 10574->10572 10574->10573 10576 a3686c RtlFreeHeap 10574->10576 10577 a3766c 12 API calls 10574->10577 10578 a36668 10574->10578 10576->10574 10577->10574 10579 a3667e 10578->10579 10579->10579 10580 a3a094 2 API calls 10579->10580 10581 a36695 10580->10581 10582 a366a5 CreateFileW 10581->10582 10585 a367a5 10581->10585 10583 a366cd 10582->10583 10582->10585 10584 a366d2 NtAllocateVirtualMemory 10583->10584 10596 a36703 10583->10596 10584->10583 10584->10596 10586 a367d4 NtFreeVirtualMemory 10585->10586 10587 a367f9 10585->10587 10586->10585 10588 a36808 10587->10588 10589 a367ff NtClose 10587->10589 10598 a36550 10588->10598 10589->10588 10592 a36763 WriteFile 10594 a3677d SetFilePointerEx 10592->10594 10592->10596 10593 a36821 10595 a36836 10593->10595 10597 a3686c RtlFreeHeap 10593->10597 10594->10592 10594->10596 10595->10574 10596->10585 10596->10592 10597->10595 10599 a36934 RtlAllocateHeap 10598->10599 10600 a3656a 10599->10600 10601 a36573 10600->10601 10602 a36934 RtlAllocateHeap 10600->10602 10603 a3661e DeleteFileW 10601->10603 10604 a3686c RtlFreeHeap 10601->10604 10605 a36582 10602->10605 10603->10593 10604->10603 10605->10601 10606 a365df MoveFileExW 10605->10606 10606->10601 10606->10605 10608 a3bfb9 10607->10608 10609 a3c04f 10608->10609 10610 a36844 RtlAllocateHeap 10608->10610 10611 a3c05d 10609->10611 10612 a3686c RtlFreeHeap 10609->10612 10613 a3bfcb 10610->10613 10611->10513 10611->10514 10612->10611 10613->10609 10616 a3bed0 10613->10616 10621 a3bc38 10613->10621 10617 a36934 RtlAllocateHeap 10616->10617 10620 a3beec 10617->10620 10618 a3bf8a 10618->10613 10619 a3686c RtlFreeHeap 10619->10618 10620->10618 10620->10619 10622 a3bc60 10621->10622 10625 a36844 RtlAllocateHeap 10622->10625 10635 a3bc64 10622->10635 10623 a3bea1 DeleteDC 10624 a3beaa 10623->10624 10626 a3beb8 10624->10626 10627 a3686c RtlFreeHeap 10624->10627 10628 a3bc8d 10625->10628 10626->10613 10627->10626 10629 a3bce0 CreateDCW 10628->10629 10628->10635 10630 a3bcfd 10629->10630 10629->10635 10631 a3bd9e StartDocW 10630->10631 10632 a3bdce 10631->10632 10631->10635 10633 a3bdec 10632->10633 10636 a3be18 DrawTextA 10632->10636 10634 a3be6c EndDoc 10633->10634 10634->10635 10635->10623 10635->10624 10637 a3be5a EndPage 10636->10637 10637->10632 10637->10634 10639 a392a9 10638->10639 10640 a3946d RegCreateKeyExW 10639->10640 10641 a394c7 RegCreateKeyExW 10640->10641 10650 a394a1 RegEnumKeyW 10640->10650 10644 a395e2 10641->10644 10645 a395bc RegEnumKeyW 10641->10645 10644->10530 10645->10644 10649 a395e4 OpenEventLogW 10645->10649 10646 a394cc RegCreateKeyExW 10648 a394fa RegSetValueExW 10646->10648 10646->10650 10648->10650 10651 a3951c RegSetValueExW 10648->10651 10649->10645 10652 a395fc ClearEventLogW 10649->10652 10650->10641 10650->10646 10651->10650 10653 a3953a OpenEventLogW 10651->10653 10652->10645 10653->10650 10654 a39552 ClearEventLogW 10653->10654 10654->10650 10662 a3903c RtlAdjustPrivilege 10655->10662 10657 a39194 10658 a391b5 10657->10658 10659 a391ac CloseServiceHandle 10657->10659 10658->10531 10659->10658 10660 a390d5 10660->10657 10661 a3dc60 NtTerminateProcess 10660->10661 10661->10657 10663 a397d8 4 API calls 10662->10663 10664 a39074 10663->10664 10665 a39082 10664->10665 10666 a39880 NtClose 10664->10666 10665->10660 10666->10665 10718 a3f59c 10667->10718 10670 a3f59c 2 API calls 10671 a40080 10670->10671 10675 a400a8 10671->10675 10677 a3f59c 2 API calls 10671->10677 10672 a40313 10674 a40321 10672->10674 10676 a3686c RtlFreeHeap 10672->10676 10673 a3686c RtlFreeHeap 10673->10672 10678 a4032f 10674->10678 10680 a3686c RtlFreeHeap 10674->10680 10679 a36844 RtlAllocateHeap 10675->10679 10689 a400d1 10675->10689 10676->10674 10677->10675 10678->9398 10681 a400c8 10679->10681 10680->10678 10682 a36844 RtlAllocateHeap 10681->10682 10681->10689 10683 a400e3 10682->10683 10684 a3e1e8 9 API calls 10683->10684 10683->10689 10692 a400f6 10684->10692 10685 a369e0 RtlAllocateHeap 10685->10692 10686 a4028d 10687 a3686c RtlFreeHeap 10686->10687 10686->10689 10687->10689 10688 a3f6d8 NtSetInformationThread NtClose 10688->10692 10689->10672 10689->10673 10690 a3b3c0 2 API calls 10690->10692 10691 a3686c RtlFreeHeap 10691->10692 10692->10685 10692->10686 10692->10688 10692->10690 10692->10691 10694 a37433 10693->10694 10695 a36934 RtlAllocateHeap 10694->10695 10697 a37441 10695->10697 10696 a37464 10696->9818 10697->10696 10698 a3686c RtlFreeHeap 10697->10698 10698->10696 10700 a3a983 10699->10700 10701 a3a488 6 API calls 10700->10701 10702 a3a99a 10701->10702 10703 a36844 RtlAllocateHeap 10702->10703 10704 a3a9c9 10702->10704 10703->10704 10704->9818 10706 a3a3ff 10705->10706 10707 a3a419 10706->10707 10708 a3b3c0 2 API calls 10706->10708 10707->9796 10707->9810 10708->10707 10710 a36a8d 10709->10710 10711 a36844 RtlAllocateHeap 10710->10711 10712 a36aa3 10710->10712 10711->10712 10712->9812 10714 a3e1e8 9 API calls 10713->10714 10716 a40977 10714->10716 10715 a409c8 10715->9771 10716->10715 10717 a3b3c0 2 API calls 10716->10717 10717->10715 10719 a3f5f6 10718->10719 10720 a3b3c0 2 API calls 10719->10720 10721 a3f610 10719->10721 10720->10721 10721->10670 10721->10675 10722->9836 10724 a40e8d 10723->10724 10725 a40e48 10723->10725 10724->9834 10729 a41400 10724->10729 10726 a3c8c4 2 API calls 10725->10726 10727 a40e4d 10726->10727 10727->10724 10728 a3686c RtlFreeHeap 10727->10728 10728->10724 10781 a41240 10729->10781 10731 a41441 10732 a36de8 RtlAllocateHeap 10731->10732 10757 a41445 10731->10757 10740 a41454 10732->10740 10733 a415e0 10735 a415ee 10733->10735 10736 a3686c RtlFreeHeap 10733->10736 10734 a3686c RtlFreeHeap 10734->10733 10737 a415fc 10735->10737 10738 a3686c RtlFreeHeap 10735->10738 10736->10735 10739 a4160a 10737->10739 10741 a3686c RtlFreeHeap 10737->10741 10738->10737 10739->9834 10758 a41760 10739->10758 10740->10757 10803 a41611 10740->10803 10741->10739 10744 a36de8 RtlAllocateHeap 10745 a4149b 10744->10745 10746 a41611 RtlFreeHeap 10745->10746 10745->10757 10747 a414d4 10746->10747 10748 a36de8 RtlAllocateHeap 10747->10748 10749 a414de 10748->10749 10750 a41611 RtlFreeHeap 10749->10750 10749->10757 10751 a41521 10750->10751 10752 a36de8 RtlAllocateHeap 10751->10752 10753 a4152b 10752->10753 10754 a41611 RtlFreeHeap 10753->10754 10753->10757 10755 a4156b 10754->10755 10756 a36de8 RtlAllocateHeap 10755->10756 10756->10757 10757->10733 10757->10734 10759 a36de8 RtlAllocateHeap 10758->10759 10763 a41791 10759->10763 10760 a41890 10762 a4189e 10760->10762 10764 a3686c RtlFreeHeap 10760->10764 10761 a3686c RtlFreeHeap 10761->10760 10762->9834 10762->9846 10765 a418b8 RtlAllocateHeap 10763->10765 10767 a4179a 10763->10767 10764->10762 10766 a417ce 10765->10766 10766->10767 10768 a36de8 RtlAllocateHeap 10766->10768 10767->10760 10767->10761 10769 a41809 10768->10769 10770 a3686c RtlFreeHeap 10769->10770 10770->10767 10772 a41190 10771->10772 10773 a41195 10772->10773 10774 a36de8 RtlAllocateHeap 10772->10774 10775 a41219 10773->10775 10776 a3686c RtlFreeHeap 10773->10776 10779 a411a1 10774->10779 10777 a41227 10775->10777 10778 a3686c RtlFreeHeap 10775->10778 10776->10775 10777->9850 10778->10777 10779->10773 10780 a36de8 RtlAllocateHeap 10779->10780 10780->10773 10782 a4126f 10781->10782 10786 a41282 10781->10786 10783 a36de8 RtlAllocateHeap 10782->10783 10782->10786 10784 a4128d 10783->10784 10784->10786 10787 a36de8 RtlAllocateHeap 10784->10787 10785 a4130f 10785->10731 10786->10785 10807 a410cc 10786->10807 10789 a412a5 10787->10789 10789->10786 10791 a412b4 10789->10791 10790 a41336 10792 a36934 RtlAllocateHeap 10790->10792 10793 a36de8 RtlAllocateHeap 10791->10793 10794 a41345 10792->10794 10795 a412bd 10793->10795 10794->10785 10796 a36934 RtlAllocateHeap 10794->10796 10795->10731 10797 a41377 10796->10797 10797->10785 10798 a413bd 10797->10798 10799 a3686c RtlFreeHeap 10797->10799 10800 a413cb 10798->10800 10801 a3686c RtlFreeHeap 10798->10801 10799->10798 10800->10785 10802 a3686c RtlFreeHeap 10800->10802 10801->10800 10802->10785 10804 a41491 10803->10804 10805 a41617 10803->10805 10804->10744 10806 a3686c RtlFreeHeap 10805->10806 10806->10804 10808 a36844 RtlAllocateHeap 10807->10808 10809 a410e2 10808->10809 10809->10790 10811 a41bef 10810->10811 10814 a41b50 10811->10814 10813 a41c07 10813->9856 10815 a36844 RtlAllocateHeap 10814->10815 10816 a41b67 10815->10816 10817 a41b9d 10816->10817 10818 a36894 RtlReAllocateHeap 10816->10818 10820 a41b80 10816->10820 10819 a3686c RtlFreeHeap 10817->10819 10818->10816 10819->10820 10820->10813 10821 a3686c RtlFreeHeap 10820->10821 10822 a41be0 10821->10822 10822->10813 10827 a464b6 10823->10827 10824 a465f0 10824->9870 10825 a464ce 10825->10824 10826 a3686c RtlFreeHeap 10825->10826 10826->10824 10827->10825 10875 a46124 10827->10875 10842 a43fa4 10841->10842 10845 a43fd5 10842->10845 11136 a43d98 10842->11136 10844 a44066 10844->9866 10847 a44508 10844->10847 10845->10844 10846 a3686c RtlFreeHeap 10845->10846 10846->10844 10848 a4452e 10847->10848 10866 a44532 10848->10866 11139 a42af8 10848->11139 10850 a44684 10854 a44692 10850->10854 10857 a3686c RtlFreeHeap 10850->10857 10852 a36844 RtlAllocateHeap 10855 a44553 10852->10855 10853 a3686c RtlFreeHeap 10853->10850 10856 a446a0 10854->10856 10858 a3686c RtlFreeHeap 10854->10858 10859 a39640 2 API calls 10855->10859 10855->10866 10856->9876 10867 a446a8 10856->10867 10857->10854 10858->10856 10860 a44566 10859->10860 10861 a3f82c 2 API calls 10860->10861 10862 a4457f 10861->10862 10863 a36844 RtlAllocateHeap 10862->10863 10862->10866 10864 a4459d 10863->10864 10865 a36844 RtlAllocateHeap 10864->10865 10864->10866 10865->10866 10866->10850 10866->10853 10868 a446b9 10867->10868 10869 a448ba 10868->10869 10870 a39640 2 API calls 10868->10870 10869->9876 10871 a446c7 10870->10871 10871->10869 10872 a36de8 RtlAllocateHeap 10871->10872 10874 a446e1 10872->10874 10873 a3686c RtlFreeHeap 10873->10869 10874->10869 10874->10873 11107 a460a8 10875->11107 10877 a4616c 10878 a46450 10877->10878 10879 a3686c RtlFreeHeap 10877->10879 10880 a4645e 10878->10880 10881 a3686c RtlFreeHeap 10878->10881 10879->10878 10882 a4646c 10880->10882 10884 a3686c RtlFreeHeap 10880->10884 10881->10880 10885 a4647a 10882->10885 10886 a3686c RtlFreeHeap 10882->10886 10884->10882 10887 a46488 10885->10887 10889 a3686c RtlFreeHeap 10885->10889 10886->10885 10887->10825 10898 a45d28 10887->10898 10888 a36844 RtlAllocateHeap 10890 a461a8 10888->10890 10889->10887 10890->10877 10891 a36844 RtlAllocateHeap 10890->10891 10892 a46249 10891->10892 10892->10877 10893 a36844 RtlAllocateHeap 10892->10893 10894 a46299 10893->10894 10894->10877 10895 a36844 RtlAllocateHeap 10894->10895 10896 a46344 10895->10896 10896->10877 10897 a3686c RtlFreeHeap 10896->10897 10897->10877 10899 a45d8f 10898->10899 10900 a36de8 RtlAllocateHeap 10899->10900 10901 a45da4 10899->10901 10906 a45e1b 10900->10906 10902 a4608f 10901->10902 10903 a3686c RtlFreeHeap 10901->10903 10904 a4609d 10902->10904 10905 a3686c RtlFreeHeap 10902->10905 10903->10902 10904->10825 10908 a44c60 10904->10908 10905->10904 10906->10901 10907 a36de8 RtlAllocateHeap 10906->10907 10907->10901 10909 a36844 RtlAllocateHeap 10908->10909 10914 a44c93 10909->10914 10910 a44c9c 10911 a44e1b 10910->10911 10912 a3686c RtlFreeHeap 10910->10912 10913 a44e29 10911->10913 10916 a3686c RtlFreeHeap 10911->10916 10912->10911 10917 a44e37 10913->10917 10918 a3686c RtlFreeHeap 10913->10918 10914->10910 10915 a36844 RtlAllocateHeap 10914->10915 10919 a44cc6 10915->10919 10916->10913 10917->10825 10921 a45a84 10917->10921 10918->10917 10919->10910 10920 a36844 RtlAllocateHeap 10919->10920 10920->10910 10922 a36844 RtlAllocateHeap 10921->10922 10926 a45add 10922->10926 10923 a45caa 10925 a45cb8 10923->10925 10928 a3686c RtlFreeHeap 10923->10928 10924 a3686c RtlFreeHeap 10924->10923 10929 a45cc6 10925->10929 10930 a3686c RtlFreeHeap 10925->10930 10958 a45ae6 10926->10958 11113 a4497c 10926->11113 10928->10925 10931 a45cd4 10929->10931 10932 a3686c RtlFreeHeap 10929->10932 10930->10929 10933 a45ce2 10931->10933 10935 a3686c RtlFreeHeap 10931->10935 10932->10931 10934 a45cf0 10933->10934 10936 a3686c RtlFreeHeap 10933->10936 10937 a45cfe 10934->10937 10938 a3686c RtlFreeHeap 10934->10938 10935->10933 10936->10934 10939 a45d0c 10937->10939 10941 a3686c RtlFreeHeap 10937->10941 10938->10937 10939->10825 10960 a457b4 10939->10960 10940 a45b0e 10940->10958 11116 a44a30 10940->11116 10941->10939 10943 a45b3a 10944 a3686c RtlFreeHeap 10943->10944 10943->10958 10945 a45b5c 10944->10945 10946 a44a30 RtlAllocateHeap 10945->10946 10947 a45b75 10946->10947 10947->10958 11119 a44aa8 10947->11119 10949 a45bbd 10949->10958 11122 a44c08 10949->11122 10952 a36844 RtlAllocateHeap 10953 a45bf2 10952->10953 10954 a36de8 RtlAllocateHeap 10953->10954 10953->10958 10955 a45c0a 10954->10955 10956 a36844 RtlAllocateHeap 10955->10956 10955->10958 10957 a45c33 10956->10957 10957->10958 10959 a3686c RtlFreeHeap 10957->10959 10958->10923 10958->10924 10959->10957 10961 a36844 RtlAllocateHeap 10960->10961 10962 a457fc 10961->10962 10963 a36844 RtlAllocateHeap 10962->10963 10984 a45805 10962->10984 10974 a45814 10963->10974 10964 a45a22 10966 a45a30 10964->10966 10967 a3686c RtlFreeHeap 10964->10967 10965 a3686c RtlFreeHeap 10965->10964 10968 a45a3e 10966->10968 10970 a3686c RtlFreeHeap 10966->10970 10967->10966 10969 a45a4c 10968->10969 10971 a3686c RtlFreeHeap 10968->10971 10972 a45a5a 10969->10972 10973 a3686c RtlFreeHeap 10969->10973 10970->10968 10971->10969 10972->10825 10985 a44e50 10972->10985 10973->10972 10975 a36844 RtlAllocateHeap 10974->10975 10974->10984 10976 a45943 10975->10976 10977 a36de8 RtlAllocateHeap 10976->10977 10976->10984 10978 a4595b 10977->10978 10979 a3686c RtlFreeHeap 10978->10979 10978->10984 10980 a459a4 10979->10980 10981 a36844 RtlAllocateHeap 10980->10981 10982 a459bd 10981->10982 10983 a36de8 RtlAllocateHeap 10982->10983 10982->10984 10983->10984 10984->10964 10984->10965 10986 a36844 RtlAllocateHeap 10985->10986 10987 a44e98 10986->10987 10991 a4497c RtlAllocateHeap 10987->10991 11021 a44ea1 10987->11021 10988 a3686c RtlFreeHeap 10990 a45065 10988->10990 10989 a45073 10993 a45081 10989->10993 10995 a3686c RtlFreeHeap 10989->10995 10990->10989 10992 a3686c RtlFreeHeap 10990->10992 11004 a44ec9 10991->11004 10992->10989 10994 a4508f 10993->10994 10996 a3686c RtlFreeHeap 10993->10996 10997 a4509d 10994->10997 10998 a3686c RtlFreeHeap 10994->10998 10995->10993 10996->10994 10999 a450ab 10997->10999 11000 a3686c RtlFreeHeap 10997->11000 10998->10997 11001 a450b9 10999->11001 11002 a3686c RtlFreeHeap 10999->11002 11000->10999 11003 a450c7 11001->11003 11005 a3686c RtlFreeHeap 11001->11005 11002->11001 11003->10825 11024 a450e0 11003->11024 11004->11021 11127 a44920 11004->11127 11005->11003 11007 a44ef5 11008 a3686c RtlFreeHeap 11007->11008 11007->11021 11009 a44f17 11008->11009 11010 a44920 RtlAllocateHeap 11009->11010 11011 a44f30 11010->11011 11012 a44aa8 RtlAllocateHeap 11011->11012 11011->11021 11013 a44f78 11012->11013 11014 a44c08 RtlAllocateHeap 11013->11014 11013->11021 11015 a44f8d 11014->11015 11016 a36844 RtlAllocateHeap 11015->11016 11015->11021 11017 a44fad 11016->11017 11018 a36de8 RtlAllocateHeap 11017->11018 11017->11021 11019 a44fc5 11018->11019 11020 a36844 RtlAllocateHeap 11019->11020 11019->11021 11022 a44fee 11020->11022 11021->10988 11021->10990 11022->11021 11023 a3686c RtlFreeHeap 11022->11023 11023->11022 11025 a36844 RtlAllocateHeap 11024->11025 11035 a45143 11025->11035 11026 a4571b 11028 a45729 11026->11028 11029 a3686c RtlFreeHeap 11026->11029 11027 a3686c RtlFreeHeap 11027->11026 11030 a45737 11028->11030 11031 a3686c RtlFreeHeap 11028->11031 11029->11028 11032 a45745 11030->11032 11033 a3686c RtlFreeHeap 11030->11033 11031->11030 11034 a45753 11032->11034 11036 a3686c RtlFreeHeap 11032->11036 11033->11032 11037 a45761 11034->11037 11038 a3686c RtlFreeHeap 11034->11038 11047 a36844 RtlAllocateHeap 11035->11047 11056 a4514c 11035->11056 11036->11034 11039 a4576f 11037->11039 11040 a3686c RtlFreeHeap 11037->11040 11038->11037 11041 a4577d 11039->11041 11042 a3686c RtlFreeHeap 11039->11042 11040->11039 11043 a4578b 11041->11043 11045 a3686c RtlFreeHeap 11041->11045 11042->11041 11044 a45799 11043->11044 11046 a3686c RtlFreeHeap 11043->11046 11044->10825 11045->11043 11046->11044 11048 a451ff 11047->11048 11049 a4497c RtlAllocateHeap 11048->11049 11048->11056 11050 a45230 11049->11050 11050->11056 11130 a448c4 11050->11130 11052 a4525c 11053 a3686c RtlFreeHeap 11052->11053 11052->11056 11054 a4527e 11053->11054 11055 a448c4 RtlAllocateHeap 11054->11055 11057 a45297 11055->11057 11056->11026 11056->11027 11057->11056 11058 a44aa8 RtlAllocateHeap 11057->11058 11059 a452df 11058->11059 11059->11056 11060 a44c08 RtlAllocateHeap 11059->11060 11061 a452f4 11060->11061 11061->11056 11062 a36844 RtlAllocateHeap 11061->11062 11063 a4533d 11062->11063 11063->11056 11064 a36de8 RtlAllocateHeap 11063->11064 11065 a45355 11064->11065 11065->11056 11066 a36844 RtlAllocateHeap 11065->11066 11067 a45381 11066->11067 11067->11056 11068 a3686c RtlFreeHeap 11067->11068 11069 a45427 11068->11069 11070 a45435 11069->11070 11071 a3686c RtlFreeHeap 11069->11071 11072 a4544a 11070->11072 11073 a3686c RtlFreeHeap 11070->11073 11071->11070 11074 a4545f 11072->11074 11076 a3686c RtlFreeHeap 11072->11076 11073->11072 11075 a45474 11074->11075 11077 a3686c RtlFreeHeap 11074->11077 11078 a45489 11075->11078 11079 a3686c RtlFreeHeap 11075->11079 11076->11074 11077->11075 11080 a4549e 11078->11080 11081 a3686c RtlFreeHeap 11078->11081 11079->11078 11082 a454b3 11080->11082 11084 a3686c RtlFreeHeap 11080->11084 11081->11080 11083 a454c8 11082->11083 11085 a3686c RtlFreeHeap 11082->11085 11086 a36844 RtlAllocateHeap 11083->11086 11084->11082 11085->11083 11087 a454ef 11086->11087 11087->11056 11088 a4497c RtlAllocateHeap 11087->11088 11089 a45520 11088->11089 11089->11056 11133 a449c0 11089->11133 11091 a4554c 11091->11056 11092 a3686c RtlFreeHeap 11091->11092 11093 a45579 11092->11093 11094 a449c0 RtlAllocateHeap 11093->11094 11095 a45587 11094->11095 11095->11056 11096 a44aa8 RtlAllocateHeap 11095->11096 11097 a455cf 11096->11097 11097->11056 11098 a44c08 RtlAllocateHeap 11097->11098 11099 a455e4 11098->11099 11099->11056 11100 a36844 RtlAllocateHeap 11099->11100 11101 a4565b 11100->11101 11101->11056 11102 a36de8 RtlAllocateHeap 11101->11102 11103 a45673 11102->11103 11103->11056 11104 a36844 RtlAllocateHeap 11103->11104 11105 a4569c 11104->11105 11105->11056 11106 a3686c RtlFreeHeap 11105->11106 11106->11056 11108 a460c8 11107->11108 11109 a46108 11108->11109 11110 a36934 RtlAllocateHeap 11108->11110 11109->10877 11109->10888 11111 a460f1 11110->11111 11111->11109 11112 a36934 RtlAllocateHeap 11111->11112 11112->11109 11114 a36844 RtlAllocateHeap 11113->11114 11115 a44985 11114->11115 11115->10940 11117 a36844 RtlAllocateHeap 11116->11117 11118 a44a3c 11117->11118 11118->10943 11120 a36844 RtlAllocateHeap 11119->11120 11121 a44ab8 11120->11121 11121->10949 11123 a36844 RtlAllocateHeap 11122->11123 11124 a44c27 11123->11124 11125 a36844 RtlAllocateHeap 11124->11125 11126 a44c54 11124->11126 11125->11124 11126->10952 11126->10958 11128 a36844 RtlAllocateHeap 11127->11128 11129 a4492c 11128->11129 11129->11007 11131 a36844 RtlAllocateHeap 11130->11131 11132 a448d0 11131->11132 11132->11052 11134 a36844 RtlAllocateHeap 11133->11134 11135 a449cc 11134->11135 11135->11091 11137 a36844 RtlAllocateHeap 11136->11137 11138 a43db2 11137->11138 11138->10845 11140 a42b21 11139->11140 11142 a42b25 11140->11142 11143 a42954 11140->11143 11142->10852 11144 a4297b 11143->11144 11145 a397d8 4 API calls 11144->11145 11146 a4298b 11145->11146 11147 a397d8 4 API calls 11146->11147 11148 a4299f 11146->11148 11147->11148 11148->11142 11150 a466b6 11149->11150 11152 a46714 11150->11152 11156 a36de8 RtlAllocateHeap 11150->11156 11151 a46ba4 11154 a46bb2 11151->11154 11155 a3686c RtlFreeHeap 11151->11155 11152->11151 11153 a3686c RtlFreeHeap 11152->11153 11153->11151 11154->9883 11155->11154 11157 a467ec 11156->11157 11157->11152 11158 a36844 RtlAllocateHeap 11157->11158 11158->11152 11160 a437a7 11159->11160 11161 a42af8 4 API calls 11160->11161 11176 a437ab 11160->11176 11162 a437c2 11161->11162 11164 a36844 RtlAllocateHeap 11162->11164 11163 a438e9 11166 a438f7 11163->11166 11167 a3686c RtlFreeHeap 11163->11167 11169 a437cc 11164->11169 11165 a3686c RtlFreeHeap 11165->11163 11168 a43905 11166->11168 11170 a3686c RtlFreeHeap 11166->11170 11167->11166 11168->9893 11171 a3f82c 2 API calls 11169->11171 11169->11176 11170->11168 11172 a437e4 11171->11172 11173 a36844 RtlAllocateHeap 11172->11173 11172->11176 11174 a43802 11173->11174 11175 a36844 RtlAllocateHeap 11174->11175 11174->11176 11175->11176 11176->11163 11176->11165 11178 a40350 11177->11178 11179 a36844 RtlAllocateHeap 11178->11179 11180 a40371 11179->11180 11180->9925 11461 a3ac68 11462 a3ac50 11461->11462 11463 a3ac83 11462->11463 11464 a36894 RtlReAllocateHeap 11462->11464 11468 a3ac66 11462->11468 11465 a3686c RtlFreeHeap 11463->11465 11464->11462 11465->11468 11466 a3686c RtlFreeHeap 11467 a3adb0 11466->11467 11468->11466 11641 a43168 11643 a4317f 11641->11643 11642 a431ce 11643->11642 11644 a42af8 4 API calls 11643->11644 11644->11642 11425 a3f032 11429 a3effb 11425->11429 11426 a3efe7 MoveFileExW 11427 a3eff9 11426->11427 11426->11429 11430 a3f051 CreateFileW 11427->11430 11443 a3f075 11427->11443 11428 a3f034 11432 a3686c RtlFreeHeap 11428->11432 11429->11426 11429->11427 11429->11428 11431 a3686c RtlFreeHeap 11429->11431 11437 a3ece4 RtlAllocateHeap 11429->11437 11433 a3f07a 11430->11433 11430->11443 11431->11429 11432->11427 11439 a3ed30 2 API calls 11433->11439 11434 a3f14d 11436 a3686c RtlFreeHeap 11434->11436 11435 a3686c RtlFreeHeap 11435->11434 11438 a3f155 11436->11438 11437->11429 11440 a3f08f 11439->11440 11441 a3f0a3 CreateIoCompletionPort 11440->11441 11440->11443 11442 a3f0ba 11441->11442 11445 a3f0dc 11441->11445 11444 a3686c RtlFreeHeap 11442->11444 11443->11434 11443->11435 11444->11443 11445->11443 11446 a3686c RtlFreeHeap 11445->11446 11446->11443 11593 a3ddf2 11595 a3ddde 11593->11595 11594 a3ddf0 11596 a3de3d 11594->11596 11598 a3686c RtlFreeHeap 11594->11598 11595->11594 11597 a3db90 NtTerminateProcess 11595->11597 11599 a3dc60 NtTerminateProcess 11595->11599 11597->11595 11598->11596 11599->11595 11350 a3f8f0 11352 a3f8d2 11350->11352 11351 a36844 RtlAllocateHeap 11351->11352 11352->11351 11354 a3f8ee 11352->11354 11353 a3fa12 11354->11353 11355 a36844 RtlAllocateHeap 11354->11355 11355->11354 11447 a3e430 11449 a3e3f3 11447->11449 11448 a3e3c5 SetFileAttributesW CreateFileW 11448->11449 11451 a3e40b 11448->11451 11449->11448 11450 a3de48 5 API calls 11449->11450 11449->11451 11450->11449 11469 a44070 11474 a440b4 11469->11474 11470 a444e2 11472 a444f0 11470->11472 11473 a3686c RtlFreeHeap 11470->11473 11471 a3686c RtlFreeHeap 11471->11470 11475 a444fe 11472->11475 11476 a3686c RtlFreeHeap 11472->11476 11473->11472 11477 a36de8 RtlAllocateHeap 11474->11477 11480 a440d2 11474->11480 11476->11475 11478 a44186 11477->11478 11479 a36844 RtlAllocateHeap 11478->11479 11478->11480 11479->11480 11480->11470 11480->11471 11197 a3d88a 11198 a3d88c 11197->11198 11217 a3cd04 11198->11217 11201 a3cedc RtlAllocateHeap 11208 a3d8cb 11201->11208 11202 a3d9cc 11204 a3d9da 11202->11204 11205 a3686c RtlFreeHeap 11202->11205 11203 a3686c RtlFreeHeap 11203->11202 11206 a3d9e8 11204->11206 11207 a3686c RtlFreeHeap 11204->11207 11205->11204 11209 a3d9f6 11206->11209 11210 a3686c RtlFreeHeap 11206->11210 11207->11206 11211 a36de8 RtlAllocateHeap 11208->11211 11214 a3d8c1 11208->11214 11210->11209 11212 a3d921 11211->11212 11213 a36844 RtlAllocateHeap 11212->11213 11212->11214 11215 a3d974 11213->11215 11214->11202 11214->11203 11215->11214 11216 a3cfcc 2 API calls 11215->11216 11216->11214 11218 a36de8 RtlAllocateHeap 11217->11218 11219 a3cd56 11218->11219 11251 a3cd5f 11219->11251 11252 a3c658 11219->11252 11221 a3ce70 11224 a3ce7e 11221->11224 11226 a3686c RtlFreeHeap 11221->11226 11223 a3686c RtlFreeHeap 11223->11221 11227 a3ce8c 11224->11227 11229 a3686c RtlFreeHeap 11224->11229 11226->11224 11230 a3ce9a 11227->11230 11232 a3686c RtlFreeHeap 11227->11232 11229->11227 11233 a3cea8 11230->11233 11235 a3686c RtlFreeHeap 11230->11235 11231 a3c8c4 2 API calls 11234 a3cd79 11231->11234 11232->11230 11237 a3ceb6 11233->11237 11238 a3686c RtlFreeHeap 11233->11238 11287 a3c928 11234->11287 11235->11233 11239 a3cec4 11237->11239 11241 a3686c RtlFreeHeap 11237->11241 11238->11237 11242 a3ced2 11239->11242 11243 a3686c RtlFreeHeap 11239->11243 11240 a3cd81 11292 a3cb20 11240->11292 11241->11239 11242->11201 11242->11214 11243->11242 11247 a3cd99 11248 a36844 RtlAllocateHeap 11247->11248 11249 a3ce19 11248->11249 11250 a36894 RtlReAllocateHeap 11249->11250 11249->11251 11250->11251 11251->11221 11251->11223 11253 a3a488 6 API calls 11252->11253 11254 a3c68c 11253->11254 11255 a36844 RtlAllocateHeap 11254->11255 11265 a3c692 11254->11265 11256 a3c6a4 11255->11256 11259 a3a488 6 API calls 11256->11259 11256->11265 11257 a3686c RtlFreeHeap 11258 a3c832 11257->11258 11260 a3686c RtlFreeHeap 11258->11260 11261 a3c840 11258->11261 11263 a3c6c1 11259->11263 11260->11261 11262 a3c84e 11261->11262 11264 a3686c RtlFreeHeap 11261->11264 11278 a3c858 11262->11278 11263->11265 11266 a36de8 RtlAllocateHeap 11263->11266 11264->11262 11265->11257 11265->11258 11267 a3c6d6 11266->11267 11267->11265 11268 a36de8 RtlAllocateHeap 11267->11268 11269 a3c6ee 11268->11269 11269->11265 11270 a36844 RtlAllocateHeap 11269->11270 11271 a3c71f 11270->11271 11271->11265 11272 a36844 RtlAllocateHeap 11271->11272 11277 a3c748 11272->11277 11273 a3a1c0 6 API calls 11273->11277 11275 a3c7ff 11276 a36894 RtlReAllocateHeap 11275->11276 11276->11265 11277->11265 11277->11273 11277->11275 11299 a3a54c 11277->11299 11303 a3a108 11278->11303 11281 a36844 RtlAllocateHeap 11282 a3c88d 11281->11282 11283 a3a108 2 API calls 11282->11283 11286 a3c8b4 11282->11286 11284 a3c8a8 11283->11284 11285 a3686c RtlFreeHeap 11284->11285 11284->11286 11285->11286 11286->11231 11288 a36c98 2 API calls 11287->11288 11289 a3c951 11288->11289 11290 a36844 RtlAllocateHeap 11289->11290 11291 a3c955 11289->11291 11290->11291 11291->11240 11293 a3cbdb 11292->11293 11294 a36844 RtlAllocateHeap 11293->11294 11295 a3cc88 11293->11295 11294->11295 11296 a3ccb4 11295->11296 11297 a36844 RtlAllocateHeap 11296->11297 11298 a3ccc6 11297->11298 11298->11247 11300 a3a58f 11299->11300 11301 a3b3c0 2 API calls 11300->11301 11302 a3a5a9 11300->11302 11301->11302 11302->11277 11304 a3a13f 11303->11304 11305 a3a159 11304->11305 11306 a3b3c0 2 API calls 11304->11306 11305->11281 11306->11305 11307 a37e8a 11313 a37e60 11307->11313 11308 a37e72 NtQuerySystemInformation 11308->11313 11309 a36894 RtlReAllocateHeap 11309->11313 11310 a3686c RtlFreeHeap 11310->11313 11311 a3686c RtlFreeHeap 11312 a37f40 Sleep 11311->11312 11312->11313 11313->11308 11313->11309 11313->11310 11313->11311 11314 a36844 RtlAllocateHeap 11313->11314 11314->11313 11600 a3ddca 11605 a3dd81 11600->11605 11601 a3de3d 11602 a3ddf0 11602->11601 11604 a3686c RtlFreeHeap 11602->11604 11603 a36894 RtlReAllocateHeap 11603->11605 11604->11601 11605->11603 11607 a3dd9d 11605->11607 11606 a3db90 NtTerminateProcess 11606->11607 11607->11602 11607->11606 11608 a3dc60 NtTerminateProcess 11607->11608 11608->11607 11366 a3b6c8 11367 a3b715 11366->11367 11368 a3b71a 11367->11368 11369 a3b71c RtlAdjustPrivilege 11367->11369 11369->11367 11369->11368 11370 a396cd 11371 a396af 11370->11371 11372 a39735 11371->11372 11373 a3686c RtlFreeHeap 11371->11373 11373->11372 11315 a3d88c 11316 a3cd04 14 API calls 11315->11316 11317 a3d8b8 11316->11317 11318 a3cedc RtlAllocateHeap 11317->11318 11322 a3d8c1 11317->11322 11326 a3d8cb 11318->11326 11319 a3d9cc 11321 a3d9da 11319->11321 11323 a3686c RtlFreeHeap 11319->11323 11320 a3686c RtlFreeHeap 11320->11319 11324 a3d9e8 11321->11324 11325 a3686c RtlFreeHeap 11321->11325 11322->11319 11322->11320 11323->11321 11327 a3d9f6 11324->11327 11328 a3686c RtlFreeHeap 11324->11328 11325->11324 11326->11322 11329 a36de8 RtlAllocateHeap 11326->11329 11328->11327 11330 a3d921 11329->11330 11330->11322 11331 a36844 RtlAllocateHeap 11330->11331 11332 a3d974 11331->11332 11332->11322 11333 a3cfcc 2 API calls 11332->11333 11333->11322 11452 a39811 11457 a39813 11452->11457 11453 a397f9 NtQuerySystemInformation 11453->11457 11458 a3980f 11453->11458 11454 a3982c 11456 a3686c RtlFreeHeap 11454->11456 11455 a36894 RtlReAllocateHeap 11455->11457 11456->11458 11457->11453 11457->11454 11457->11455 11459 a3686c RtlFreeHeap 11458->11459 11460 a39872 11459->11460 11645 a47556 11667 a4752b 11645->11667 11646 a47624 11648 a4205c 16 API calls 11646->11648 11647 a47631 11649 a47646 11647->11649 11650 a47637 11647->11650 11658 a4762c 11648->11658 11651 a47656 11649->11651 11652 a4764c 11649->11652 11653 a39bb0 14 API calls 11650->11653 11656 a47675 11651->11656 11657 a4765c 11651->11657 11655 a473ac 27 API calls 11652->11655 11654 a4763c 11653->11654 11659 a41ef4 136 API calls 11654->11659 11655->11658 11661 a47685 11656->11661 11662 a4767b 11656->11662 11660 a46fa0 5 API calls 11657->11660 11659->11658 11665 a47661 11660->11665 11663 a476d8 11661->11663 11664 a4768b 11661->11664 11666 a4390c 5 API calls 11662->11666 11669 a476e7 11663->11669 11670 a476de 11663->11670 11668 a476ba 11664->11668 11675 a46da8 2 API calls 11664->11675 11671 a46bbc 2 API calls 11665->11671 11666->11658 11667->11646 11667->11647 11668->11658 11676 a404b4 13 API calls 11668->11676 11673 a3a338 2 API calls 11669->11673 11672 a46bbc 2 API calls 11670->11672 11671->11658 11672->11658 11674 a476f8 11673->11674 11677 a4771c 11674->11677 11678 a3a338 2 API calls 11674->11678 11675->11668 11676->11658 11679 a42428 12 API calls 11677->11679 11680 a4770b 11678->11680 11679->11658 11680->11677 11681 a47710 11680->11681 11682 a39bb0 14 API calls 11681->11682 11683 a47715 11682->11683 11684 a47034 136 API calls 11683->11684 11684->11658 11569 a3df94 11576 a3de8f 11569->11576 11570 a3def1 ReadFile 11570->11576 11571 a3e0aa WriteFile 11571->11576 11572 a3e150 NtClose 11572->11576 11573 a3686c RtlFreeHeap 11573->11576 11574 a3e031 WriteFile 11574->11576 11575 a3dee2 11576->11570 11576->11571 11576->11572 11576->11573 11576->11574 11576->11575 11374 a3fedb 11375 a3fd52 11374->11375 11376 a369e0 RtlAllocateHeap 11375->11376 11377 a3f59c NtSetInformationThread NtClose 11375->11377 11378 a3f6d8 NtSetInformationThread NtClose 11375->11378 11384 a3ff71 11375->11384 11386 a3b3c0 2 API calls 11375->11386 11387 a3686c RtlFreeHeap 11375->11387 11376->11375 11377->11375 11378->11375 11379 a3ffdb 11381 a3ffe9 11379->11381 11382 a3686c RtlFreeHeap 11379->11382 11380 a3686c RtlFreeHeap 11380->11379 11383 a3fff7 11381->11383 11385 a3686c RtlFreeHeap 11381->11385 11382->11381 11384->11379 11384->11380 11385->11383 11386->11375 11387->11375

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 9 a404b4-a40569 call a3164c call a36de8 18 a40570-a40589 call a36844 9->18 19 a4056b 9->19 27 a40590-a405a3 call a48c34 18->27 28 a4058b 18->28 20 a408e9-a408f0 19->20 22 a408f2 20->22 23 a408fe-a40905 20->23 22->23 25 a40907 23->25 26 a40913-a40917 23->26 25->26 30 a40922-a40926 26->30 31 a40919 26->31 35 a405a5 27->35 36 a405aa-a405ba call a40338 27->36 28->20 33 a40930-a40934 30->33 34 a40928-a4092b call a3686c 30->34 31->30 38 a40936-a40939 call a3686c 33->38 39 a4093e-a40942 33->39 34->33 35->20 48 a405c1-a40612 GetTempFileNameW CreateFileW 36->48 49 a405bc 36->49 38->39 42 a40944-a40947 call a3686c 39->42 43 a4094c-a40950 39->43 42->43 46 a40952-a40955 call a3686c 43->46 47 a4095a-a40960 43->47 46->47 52 a40614 48->52 53 a40619-a4062e WriteFile 48->53 49->20 52->20 54 a40635-a4064e 53->54 55 a40630 53->55 57 a40650-a40655 54->57 55->20 58 a40657-a40698 CreateProcessW 57->58 59 a40659-a4065b 57->59 61 a4069f-a406bc NtQueryInformationProcess 58->61 62 a4069a 58->62 59->57 63 a406c3-a406e3 NtReadVirtualMemory 61->63 64 a406be 61->64 62->20 65 a406e5 63->65 66 a406ea-a406fb call a36de8 63->66 64->20 65->20 69 a40702-a4077d call a492f4 call a49348 call a4941c NtProtectVirtualMemory 66->69 70 a406fd 66->70 77 a40784-a40797 NtWriteVirtualMemory 69->77 78 a4077f 69->78 70->20 79 a4079e-a407fa 77->79 80 a40799 77->80 78->20 82 a40801-a40822 79->82 83 a407fc 79->83 80->20 85 a40824 82->85 86 a40829-a40891 CreateNamedPipeW 82->86 83->20 85->20 87 a40895-a408ae ResumeThread ConnectNamedPipe 86->87 88 a40893 86->88 89 a408b0-a408bb 87->89 90 a408bf-a408dc 87->90 88->20 89->90 91 a408bd 89->91 93 a408e0 90->93 94 a408de 90->94 91->20 93->20 94->20
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: D
                                                                                                                                                                        • API String ID: 0-2746444292
                                                                                                                                                                        • Opcode ID: be2665131d5a3bc2cff91d7b699c9883d0fde4a594be090e37dcccb9d0e74e88
                                                                                                                                                                        • Instruction ID: c9403c0106987f2b69c1443bc21121b086738effed540fd0cb9fd472b9a46852
                                                                                                                                                                        • Opcode Fuzzy Hash: be2665131d5a3bc2cff91d7b699c9883d0fde4a594be090e37dcccb9d0e74e88
                                                                                                                                                                        • Instruction Fuzzy Hash: EBE15875900218EFEF60DFA0CD09FEEBBB9BB48305F1040A5E209A60A1D7755A85EF91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 233 a391c8-a3949b call a31240 * 5 RegCreateKeyExW 244 a394a1 233->244 245 a3957d-a39581 233->245 248 a394a8-a394c5 RegEnumKeyW 244->248 246 a39583 245->246 247 a3958c-a395ba RegCreateKeyExW 245->247 246->247 249 a39615-a39619 247->249 250 a395bc 247->250 251 a394c7 248->251 252 a394cc-a394f8 RegCreateKeyExW 248->252 253 a39624-a39627 249->253 254 a3961b 249->254 255 a395c3-a395e0 RegEnumKeyW 250->255 251->245 256 a39575-a39578 252->256 257 a394fa-a3951a RegSetValueExW 252->257 254->253 258 a395e2 255->258 259 a395e4-a395fa OpenEventLogW 255->259 256->248 260 a39566-a3956a 257->260 261 a3951c-a39538 RegSetValueExW 257->261 258->249 263 a39610-a39613 259->263 264 a395fc-a39607 ClearEventLogW 259->264 260->256 262 a3956c 260->262 261->260 265 a3953a-a39550 OpenEventLogW 261->265 262->256 263->255 264->263 265->260 266 a39552-a3955d ClearEventLogW 265->266 266->260
                                                                                                                                                                        APIs
                                                                                                                                                                        • RegCreateKeyExW.KERNELBASE(80000002,?,00000000,00000000,00000000,0002011F,00000000,00000000,00000000,?,00000007,?,00000004,?,00000019,?), ref: 00A39493
                                                                                                                                                                        • RegEnumKeyW.ADVAPI32(00000000,00000000,?,00000104), ref: 00A394BA
                                                                                                                                                                        • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,0002011F,00000000,00000000,00000000), ref: 00A394F0
                                                                                                                                                                        • RegSetValueExW.KERNELBASE(00000000,?,00000000,00000004,00000000,00000004), ref: 00A39512
                                                                                                                                                                        • RegSetValueExW.KERNELBASE(00000000,?,00000000,00000001,?,00000064), ref: 00A39530
                                                                                                                                                                        • OpenEventLogW.ADVAPI32(00000000,?), ref: 00A39543
                                                                                                                                                                        • ClearEventLogW.ADVAPI32(00000000,00000000), ref: 00A39557
                                                                                                                                                                        • RegCreateKeyExW.KERNELBASE(80000002,?,00000000,00000000,00000000,0002011F,00000000,00000000,00000000), ref: 00A395B2
                                                                                                                                                                        • RegEnumKeyW.ADVAPI32(00000000,00000000,?,00000104), ref: 00A395D5
                                                                                                                                                                        • OpenEventLogW.ADVAPI32(00000000,?), ref: 00A395ED
                                                                                                                                                                        • ClearEventLogW.ADVAPI32(00000000,00000000), ref: 00A39601
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Event$Create$ClearEnumOpenValue
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1260815474-0
                                                                                                                                                                        • Opcode ID: 20516b225c7b1124fb0bae588b748fa971c5900a8f190f080725f8424060b5e5
                                                                                                                                                                        • Instruction ID: 1b459f7f6f2cd8b25f5f75e7defb290a1c6f351aa3b1e6bfa8c28eaccdb58f46
                                                                                                                                                                        • Opcode Fuzzy Hash: 20516b225c7b1124fb0bae588b748fa971c5900a8f190f080725f8424060b5e5
                                                                                                                                                                        • Instruction Fuzzy Hash: 78C104B890030AEFDB20CF50D945B997B78FF04744F568088E6146F2B2D7BA9A84CF56
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 267 a3a68c-a3a70c GetVolumeNameForVolumeMountPointW FindFirstVolumeW 271 a3a712-a3a718 267->271 272 a3a950-a3a955 267->272 273 a3a91f-a3a941 271->273 274 a3a71e-a3a725 271->274 273->271 281 a3a947 273->281 274->273 275 a3a72b-a3a742 GetVolumePathNamesForVolumeNameW 274->275 275->273 277 a3a748-a3a74c 275->277 277->273 278 a3a752-a3a756 277->278 278->273 280 a3a75c-a3a766 GetDriveTypeW 278->280 282 a3a771-a3a779 call a31564 280->282 283 a3a768-a3a76b 280->283 281->272 286 a3a7f7-a3a81d call a316f0 CreateFileW 282->286 287 a3a77b-a3a7c3 282->287 283->273 283->282 291 a3a823-a3a849 DeviceIoControl 286->291 292 a3a916-a3a919 NtClose 286->292 297 a3a7e3-a3a7e7 287->297 298 a3a7c5-a3a7de call a3a600 287->298 291->292 294 a3a84f-a3a856 291->294 292->273 295 a3a858-a3a864 294->295 296 a3a8bc-a3a8c3 294->296 300 a3a883-a3a889 295->300 301 a3a866-a3a86d 295->301 296->292 299 a3a8c5-a3a8cc 296->299 302 a3a7f2 297->302 303 a3a7e9 297->303 298->297 299->292 304 a3a8ce-a3a8d5 299->304 307 a3a88b-a3a892 300->307 308 a3a8a8-a3a8b5 call a316c0 call a3a600 300->308 301->300 305 a3a86f-a3a876 301->305 302->273 303->302 304->292 309 a3a8d7-a3a8f1 call a316c0 304->309 305->300 310 a3a878-a3a87f 305->310 307->308 312 a3a894-a3a89b 307->312 319 a3a8ba 308->319 323 a3a8f3-a3a8fa 309->323 324 a3a90a-a3a911 call a3a600 309->324 310->300 315 a3a881 310->315 312->308 316 a3a89d-a3a8a4 312->316 315->319 316->308 320 a3a8a6 316->320 319->292 320->319 325 a3a908 323->325 326 a3a8fc-a3a903 call a3a600 323->326 324->292 325->292 326->325
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetVolumeNameForVolumeMountPointW.KERNELBASE(?,?,00000104), ref: 00A3A6D6
                                                                                                                                                                        • FindFirstVolumeW.KERNELBASE(?,00000104), ref: 00A3A6FF
                                                                                                                                                                        • GetVolumePathNamesForVolumeNameW.KERNELBASE(?,?,00000040,00000000), ref: 00A3A73A
                                                                                                                                                                        • GetDriveTypeW.KERNELBASE(?), ref: 00A3A75D
                                                                                                                                                                        • CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000080,00000000,?), ref: 00A3A810
                                                                                                                                                                        • DeviceIoControl.KERNELBASE(000000FF,00070048,00000000,00000000,?,00000090,00000001,00000000), ref: 00A3A841
                                                                                                                                                                        • NtClose.NTDLL(000000FF), ref: 00A3A919
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Volume$Name$CloseControlCreateDeviceDriveFileFindFirstMountNamesPathPointType
                                                                                                                                                                        • String ID: '
                                                                                                                                                                        • API String ID: 3318900191-1997036262
                                                                                                                                                                        • Opcode ID: b828ed25eb36b7eb4cb2c1cc562ed7f286671896678770eed6c14945eb607832
                                                                                                                                                                        • Instruction ID: 680729a39754dabbf33bcef800666625311893fd54d979b881bb9770c43bf9ee
                                                                                                                                                                        • Opcode Fuzzy Hash: b828ed25eb36b7eb4cb2c1cc562ed7f286671896678770eed6c14945eb607832
                                                                                                                                                                        • Instruction Fuzzy Hash: 19719F30D00B24EFDB319BA0DC09B9ABB79FF21316F158095F285B60A1D7745A86CF66
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 329 a3c3f8-a3c412 330 a3c64b-a3c654 329->330 331 a3c418-a3c42d call a36de8 329->331 331->330 334 a3c433-a3c449 call a36844 331->334 337 a3c645-a3c646 call a3686c 334->337 338 a3c44f-a3c460 call a48c34 334->338 337->330 342 a3c466-a3c4e7 call a316c0 CreateFileW 338->342 343 a3c63f-a3c640 call a3686c 338->343 342->343 349 a3c4ed-a3c502 WriteFile 342->349 343->337 350 a3c636 349->350 351 a3c508-a3c52b RegCreateKeyExW 349->351 350->343 351->350 352 a3c531-a3c55d RegSetValueExW 351->352 354 a3c563-a3c5dc RegCreateKeyExW 352->354 355 a3c62d-a3c630 NtClose 352->355 354->355 358 a3c5de-a3c610 RegSetValueExW 354->358 355->350 358->355 360 a3c612-a3c626 SHChangeNotify 358->360 360->355
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00A36844: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,00A47764,?,00000000,00000000), ref: 00A36860
                                                                                                                                                                        • CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00A3C4DA
                                                                                                                                                                        • WriteFile.KERNELBASE(000000FF,00000000,000000FF,?,00000000), ref: 00A3C4FA
                                                                                                                                                                        • RegCreateKeyExW.KERNELBASE(80000000,?,00000000,00000000,00000000,00020106,00000000,?,00000000), ref: 00A3C523
                                                                                                                                                                        • RegSetValueExW.KERNELBASE(?,00000000,00000000,00000001,?,00000000), ref: 00A3C555
                                                                                                                                                                        • RegCreateKeyExW.KERNELBASE(80000000,?,00000000,00000000,00000000,00020106,00000000,?,00000000), ref: 00A3C5D4
                                                                                                                                                                        • RegSetValueExW.KERNELBASE(?,00000000,00000000,00000001,?,00000000), ref: 00A3C608
                                                                                                                                                                        • SHChangeNotify.SHELL32(08000000,00001000,00000000,00000000), ref: 00A3C620
                                                                                                                                                                        • NtClose.NTDLL(?), ref: 00A3C630
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Create$FileValue$AllocateChangeCloseHeapNotifyWrite
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1108940941-0
                                                                                                                                                                        • Opcode ID: 4727218d07b7660fbed0fb3157143836493e6a298791973bf22499b69085b746
                                                                                                                                                                        • Instruction ID: 879b709086c51042965341b7bca06e2dc51040a093ea62390f67844a696288bd
                                                                                                                                                                        • Opcode Fuzzy Hash: 4727218d07b7660fbed0fb3157143836493e6a298791973bf22499b69085b746
                                                                                                                                                                        • Instruction Fuzzy Hash: 1D519270A00709BBEB10DFA0DC4AFAE7B79FB04715F504124F605B60E0E7B1AA55CB94
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 361 a47034-a47053 363 a47111-a47118 361->363 364 a47059-a47060 361->364 367 a47145-a4717c CreateThread * 2 363->367 368 a4711a-a47133 CreateThread 363->368 365 a47062-a47088 call a36ae8 364->365 366 a4708b-a47092 364->366 365->366 371 a47094-a4709b 366->371 372 a470ce-a470d5 366->372 369 a47183-a4718a 367->369 370 a4717e call a37ca4 367->370 368->367 373 a47135-a4713e 368->373 376 a471a4-a471ab 369->376 377 a4718c-a471a1 CreateThread 369->377 370->369 371->372 379 a4709d-a470c7 call a39c64 371->379 372->363 375 a470d7-a470de 372->375 373->367 375->363 381 a470e0-a4710a call a39c64 375->381 382 a471b6-a471dd call a3b734 call a3e1e8 376->382 383 a471ad-a471b4 376->383 377->376 379->372 381->363 410 a47221-a47225 382->410 411 a471df-a471e6 382->411 383->382 387 a4722e-a47232 383->387 389 a47234-a4723f 387->389 390 a47248-a4724c 387->390 389->390 396 a47262-a47269 390->396 397 a4724e-a47259 390->397 399 a4727f-a47286 396->399 400 a4726b-a47276 NtTerminateThread 396->400 397->396 404 a472b3-a472bd 399->404 405 a47288-a472a1 CreateThread 399->405 400->399 416 a47392-a473a0 call a41934 call a41d28 call a416ac 404->416 417 a472c3-a472ca 404->417 405->404 408 a472a3-a472ac 405->408 408->404 410->387 413 a47201-a47208 411->413 414 a471e8-a471fc call a3a68c call a3e2b8 call a40a38 call a3e2b8 call a40be4 411->414 419 a47214-a4721c call a3e270 call a3e2b8 413->419 420 a4720a-a4720f call a3e2b8 call a3fc88 413->420 414->413 451 a473a5-a473a9 416->451 421 a472f7-a472fe 417->421 422 a472cc-a472e5 CreateThread 417->422 419->410 420->419 427 a47300-a47304 421->427 428 a47339-a47340 call a3b674 421->428 422->421 430 a472e7-a472f0 422->430 434 a47306-a47311 427->434 435 a4731a-a47334 call a36ae8 call a3da00 427->435 444 a47342-a47347 call a38960 428->444 445 a47349-a4734b call a38230 428->445 430->421 434->435 435->428 456 a47350-a47357 444->456 445->456 459 a47359-a47360 456->459 460 a4736b-a4738b call a39640 call a404b4 456->460 459->460 463 a47362-a47369 459->463 466 a47390 460->466 463->460 463->466 466->451
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,00A38F68,00000000,00000000,00000000), ref: 00A47129
                                                                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,00A37468,00000000,00000000,00000000), ref: 00A47154
                                                                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,00A3782C,00000000,00000000,00000000), ref: 00A4716C
                                                                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,00A37E58,00000000,00000000,00000000), ref: 00A4719B
                                                                                                                                                                        • NtTerminateThread.NTDLL(?,00000000), ref: 00A47270
                                                                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,00A39628,00000000,00000000,00000000), ref: 00A47297
                                                                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,00A3C064,00000000,00000000,00000000), ref: 00A472DB
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Thread$Create$Terminate
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1922322686-0
                                                                                                                                                                        • Opcode ID: 14a394f75f17ff55d2666995bfb78d32b5a0078619e620899848926df6795cb2
                                                                                                                                                                        • Instruction ID: e607c8ee5cfd2e597c729a3adb896eee1eae77cbd2a0590fa6ab73c563ec00c7
                                                                                                                                                                        • Opcode Fuzzy Hash: 14a394f75f17ff55d2666995bfb78d32b5a0078619e620899848926df6795cb2
                                                                                                                                                                        • Instruction Fuzzy Hash: FC919174D48B84BEEB21EBF4AD2ABAD3E75BB44703F240214F651640F2DBB41882DB14
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 469 a3f308-a3f31f GetFileAttributesW 470 a3f321-a3f32d call a3bbf4 469->470 471 a3f37f-a3f391 SetThreadPriority call a31564 469->471 476 a3f371-a3f37c call a3686c 470->476 477 a3f32f-a3f33d call a3a094 470->477 478 a3f393-a3f39a 471->478 479 a3f39c 471->479 477->476 486 a3f33f-a3f343 477->486 482 a3f3a3-a3f3b6 call a36844 478->482 479->482 490 a3f3bd-a3f3fd call a3c19c call a3f164 call a3686c FindFirstFileExW 482->490 488 a3f345-a3f349 486->488 489 a3f34b-a3f36e call a3c19c call a37290 call a3ef6c 486->489 488->476 488->489 503 a3f403-a3f411 490->503 504 a3f535-a3f54a call a3686c 490->504 510 a3f416-a3f41f 503->510 508 a3f54e-a3f562 504->508 509 a3f54c-a3f56a call a3686c 504->509 508->490 517 a3f56f-a3f572 509->517 512 a3f421-a3f427 510->512 513 a3f429 510->513 512->513 515 a3f42e-a3f438 512->515 516 a3f514-a3f526 FindNextFileW 513->516 518 a3f43a 515->518 519 a3f43f-a3f446 515->519 516->510 520 a3f52c-a3f52f FindClose 516->520 518->516 521 a3f453-a3f457 519->521 522 a3f448-a3f44c 519->522 520->504 524 a3f481-a3f489 call a3f21c 521->524 525 a3f459-a3f461 call a3f2b4 521->525 522->521 523 a3f44e 522->523 523->516 532 a3f490-a3f497 524->532 533 a3f48b 524->533 530 a3f463-a3f47a call a3f1c8 525->530 531 a3f47c 525->531 530->531 531->516 535 a3f4a4-a3f4ae call a3bbf4 532->535 536 a3f499-a3f4a0 532->536 533->516 541 a3f4b2-a3f4d0 call a3f1c8 call a37290 call a3ef6c 535->541 542 a3f4b0 535->542 536->535 538 a3f4a2 536->538 538->516 548 a3f4d5-a3f4dc 541->548 542->516 548->516 549 a3f4de-a3f4e0 548->549 550 a3f4e2-a3f507 549->550 551 a3f509 549->551 550->516 551->516
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetFileAttributesW.KERNELBASE(?), ref: 00A3F314
                                                                                                                                                                        • SetThreadPriority.KERNELBASE(000000FE,00000002), ref: 00A3F383
                                                                                                                                                                        • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000,?,?,?,88,003D0900), ref: 00A3F3F0
                                                                                                                                                                        • FindNextFileW.KERNELBASE(000000FF,?), ref: 00A3F51E
                                                                                                                                                                        • FindClose.KERNELBASE(000000FF), ref: 00A3F52F
                                                                                                                                                                          • Part of subcall function 00A3A094: FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 00A3A0B6
                                                                                                                                                                          • Part of subcall function 00A3A094: FindClose.KERNELBASE(000000FF), ref: 00A3A0DC
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Find$File$CloseFirst$AttributesNextPriorityThread
                                                                                                                                                                        • String ID: 88
                                                                                                                                                                        • API String ID: 3755735135-383729359
                                                                                                                                                                        • Opcode ID: 2f71ad8ed60abad80351594dc6d2a1d98d751a8de430755dc1fffe053a010274
                                                                                                                                                                        • Instruction ID: 8fa7478ac6fb478d06f9b95daaba22e1ae8fa82c0c361c950ef866e625efff96
                                                                                                                                                                        • Opcode Fuzzy Hash: 2f71ad8ed60abad80351594dc6d2a1d98d751a8de430755dc1fffe053a010274
                                                                                                                                                                        • Instruction Fuzzy Hash: 7D619830C20209EFDF21AFA0DD46BAEBB75BF05312F104175F915A61A2D7319E92EB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 553 a36668-a3667b 554 a3667e-a36683 553->554 554->554 555 a36685-a36699 call a3a094 554->555 558 a366a5-a366c7 CreateFileW 555->558 559 a3669b-a3669f 555->559 560 a367ca-a367cc 558->560 561 a366cd-a366cf 558->561 559->558 559->560 563 a367cf-a367d2 560->563 562 a366d2-a366fb NtAllocateVirtualMemory 561->562 566 a36703 562->566 567 a366fd-a36708 562->567 564 a367f3-a367f7 563->564 565 a367d4-a367ed NtFreeVirtualMemory 563->565 564->563 568 a367f9-a367fd 564->568 565->564 570 a36733-a36738 566->570 574 a3671b-a3671e 567->574 575 a3670a-a36719 567->575 572 a36808-a3681f call a36550 DeleteFileW 568->572 573 a367ff-a36802 NtClose 568->573 571 a3673b-a36746 570->571 576 a36754 571->576 577 a36748-a36752 571->577 585 a36821 572->585 586 a36828-a3682c 572->586 573->572 579 a3672d-a36731 574->579 580 a36720-a36728 call a36628 574->580 575->579 581 a36759-a36760 576->581 577->581 579->562 579->570 580->579 584 a36763-a36779 WriteFile 581->584 587 a3677b 584->587 588 a3677d-a3679a SetFilePointerEx 584->588 585->586 589 a36836-a3683f 586->589 590 a3682e-a36831 call a3686c 586->590 591 a3679c-a367a3 587->591 588->584 588->591 590->589 593 a367a7-a367c5 591->593 594 a367a5 591->594 593->571 594->560
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateFileW.KERNELBASE(00A377D6,40000000,00000003,00000000,00000003,80000000,00000000,00A377D6,?,?,00000000,?), ref: 00A366BA
                                                                                                                                                                        • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,00010000,00001000,00000004,?,00000000,?), ref: 00A366F3
                                                                                                                                                                        • WriteFile.KERNELBASE(000000FF,00000000,00010000,00010000,00000000,?,00000000,?), ref: 00A36771
                                                                                                                                                                        • SetFilePointerEx.KERNELBASE(000000FF,00010000,?,00000000,00000001,?,00000000,?), ref: 00A3678D
                                                                                                                                                                        • NtFreeVirtualMemory.NTDLL(000000FF,?,00010000,00008000,?,00000000,?), ref: 00A367ED
                                                                                                                                                                        • NtClose.NTDLL(000000FF,?,00000000,?), ref: 00A36802
                                                                                                                                                                        • DeleteFileW.KERNELBASE(?,000000FF,?,?,00000000,?), ref: 00A36817
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$MemoryVirtual$AllocateCloseCreateDeleteFreePointerWrite
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3569053182-0
                                                                                                                                                                        • Opcode ID: ed5ba4fb7e10b73ac0f25af1e4f5f07cf64119390c137c425ccf6606f7c88fdb
                                                                                                                                                                        • Instruction ID: 3dd32c0aca7e209303a637e69b520fbb2b86446094d862b20cdb3f89c201b585
                                                                                                                                                                        • Opcode Fuzzy Hash: ed5ba4fb7e10b73ac0f25af1e4f5f07cf64119390c137c425ccf6606f7c88fdb
                                                                                                                                                                        • Instruction Fuzzy Hash: 80514B71D00209BFDF11CFA4DD45BEEBBB9FB08369F204225F611B6090D3B55A858B51
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 647 a3de78-a3de89 SetThreadPriority 648 a3de8f-a3deae 647->648 650 a3deb0-a3deb8 648->650 651 a3dede-a3dee0 648->651 650->651 652 a3deba 650->652 653 a3dee2-a3dee5 651->653 654 a3dee6-a3deeb 651->654 655 a3dec1-a3ded6 652->655 656 a3def1-a3df23 ReadFile 654->656 657 a3dfa0-a3dfa3 654->657 673 a3deda 655->673 674 a3ded8-a3dedc 655->674 658 a3df96 656->658 659 a3df25-a3df30 656->659 660 a3e0a1-a3e0a4 657->660 661 a3dfa9-a3dfee call a320ac 657->661 666 a3e180-a3e19f 658->666 659->658 662 a3df32-a3df3a 659->662 663 a3e131-a3e134 660->663 664 a3e0aa-a3e0e9 WriteFile 660->664 701 a3dff0-a3e005 661->701 702 a3e007-a3e00f 661->702 667 a3df58-a3df7f 662->667 668 a3df3c-a3df56 662->668 663->666 670 a3e136-a3e13a 663->670 671 a3e0eb-a3e0f6 664->671 672 a3e12d 664->672 685 a3e1a3-a3e1ab 666->685 686 a3e1a1 666->686 703 a3df92 667->703 704 a3df81-a3df8c 667->704 668->658 676 a3e150-a3e16e NtClose call a31074 call a3686c 670->676 677 a3e13c-a3e142 670->677 671->672 679 a3e0f8-a3e116 671->679 672->666 673->655 674->648 706 a3e173-a3e17e 676->706 683 a3e146-a3e14e 677->683 684 a3e144 677->684 713 a3e129 679->713 714 a3e118-a3e123 679->714 683->677 684->676 692 a3e1d1 685->692 693 a3e1ad 685->693 689 a3e1d3-a3e1d5 686->689 697 a3e1d7-a3e1da 689->697 698 a3e1db 689->698 692->666 692->689 694 a3e1b4-a3e1c9 693->694 715 a3e1cb-a3e1cf 694->715 716 a3e1cd 694->716 698->654 708 a3e031-a3e04d WriteFile 701->708 709 a3e011-a3e013 702->709 710 a3e01e-a3e02a 702->710 703->658 711 a3df90 704->711 712 a3df8e 704->712 706->666 725 a3e1e0 706->725 720 a3e097 708->720 721 a3e04f-a3e05a 708->721 709->710 717 a3e015-a3e01c 709->717 710->708 711->667 712->658 713->672 718 a3e127 714->718 719 a3e125 714->719 715->666 716->694 717->708 718->679 719->672 720->666 721->720 724 a3e05c-a3e080 721->724 728 a3e093 724->728 729 a3e082-a3e08d 724->729 725->648 728->720 730 a3e091 729->730 731 a3e08f 729->731 730->724 731->720
                                                                                                                                                                        APIs
                                                                                                                                                                        • SetThreadPriority.KERNELBASE(000000FE,00000002), ref: 00A3DE89
                                                                                                                                                                        • ReadFile.KERNELBASE(?,?,?,?,?), ref: 00A3DF1B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FilePriorityReadThread
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3643687941-0
                                                                                                                                                                        • Opcode ID: 73cde0589206cb61a25275d347cf37fda56fd758189346629da1d235f88d386e
                                                                                                                                                                        • Instruction ID: fabf660b237a2a0d3d370ac7d8baf1a69a3591a223c749d02631cf686c9b3260
                                                                                                                                                                        • Opcode Fuzzy Hash: 73cde0589206cb61a25275d347cf37fda56fd758189346629da1d235f88d386e
                                                                                                                                                                        • Instruction Fuzzy Hash: D9A17971900608EFEF21CFA0DDC8BAA7BBDFB18715F204262F906C91A5E7709A45DB51
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 752 a3766c-a37693 754 a37822-a37827 752->754 755 a37699-a376ad call a36844 752->755 758 a376b3-a37700 call a316c0 FindFirstFileExW 755->758 759 a37806-a3780a 755->759 758->759 769 a37706-a3770f 758->769 760 a37814-a37818 759->760 761 a3780c-a3780f call a3686c 759->761 760->754 763 a3781a-a3781d call a3686c 760->763 761->760 763->754 770 a377e5-a377f7 FindNextFileW 769->770 771 a37715-a3771b 769->771 770->769 773 a377fd 770->773 771->770 772 a37721-a3774f call a36844 771->772 772->770 778 a37755-a37791 GetFileAttributesW 772->778 773->759 782 a37793-a3779e 778->782 783 a377ce-a377d1 call a36668 778->783 788 a377a2-a377ad 782->788 789 a377a0 782->789 785 a377d6-a377de call a3686c 783->785 785->770 790 a377b9 788->790 791 a377af-a377bb call a3766c 788->791 793 a377bd-a377cc call a3686c 789->793 790->793 791->782 793->770
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00A36844: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,00A47764,?,00000000,00000000), ref: 00A36860
                                                                                                                                                                        • FindFirstFileExW.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 00A376F3
                                                                                                                                                                        • GetFileAttributesW.KERNELBASE(00000000), ref: 00A37786
                                                                                                                                                                        • FindNextFileW.KERNELBASE(000000FF,?), ref: 00A377EF
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$Find$AllocateAttributesFirstHeapNext
                                                                                                                                                                        • String ID: *
                                                                                                                                                                        • API String ID: 2400493143-163128923
                                                                                                                                                                        • Opcode ID: bdddfc29de797ebd34efa9ba6b909308cda5ffed854dc228420253c770fa8a7e
                                                                                                                                                                        • Instruction ID: b46307969cd57a5c55881a55b1160a11c4072b36a363ad48ecb517a7e5619f33
                                                                                                                                                                        • Opcode Fuzzy Hash: bdddfc29de797ebd34efa9ba6b909308cda5ffed854dc228420253c770fa8a7e
                                                                                                                                                                        • Instruction Fuzzy Hash: 5C413AB0C04218EBDF219FA0ED49BAEBB75FF04306F504460F411A50B1E7765AA4DF51
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 799 a35c24-a35c35 800 a35c37-a35c51 call a35aec 799->800 801 a35c56-a35c5d 799->801 800->801 803 a35c5f-a35c79 call a35aec 801->803 804 a35c7e-a35c85 801->804 803->804 807 a35c87-a35ca1 call a35aec 804->807 808 a35ca6-a35cad call a31658 804->808 807->808 813 a35cb2-a35cb6 808->813 814 a35cb8-a35ce2 call a31240 813->814 815 a35cdd-a35ce0 813->815 819 a35ce9-a35d04 FindFirstFileW 814->819 815->813 820 a35d06-a35d17 call a311c4 819->820 821 a35d54-a35d58 819->821 831 a35d37-a35d49 FindNextFileW 820->831 832 a35d19-a35d2b FindClose call a35a20 820->832 822 a35d5a-a35d9c 821->822 823 a35d5c-a35d66 821->823 826 a35d8b-a35d8e 823->826 827 a35d68-a35d6d 823->827 826->819 829 a35d86-a35d89 827->829 830 a35d6f-a35d84 call a31240 827->830 829->827 830->826 831->820 833 a35d4b-a35d4e FindClose 831->833 837 a35d30-a35d34 832->837 833->821
                                                                                                                                                                        APIs
                                                                                                                                                                        • FindFirstFileW.KERNELBASE(?,?,?,00000004,?), ref: 00A35CF7
                                                                                                                                                                        • FindClose.KERNELBASE(000000FF,?,00000000), ref: 00A35D1C
                                                                                                                                                                        • FindNextFileW.KERNELBASE(000000FF,?,?,00000000), ref: 00A35D41
                                                                                                                                                                        • FindClose.KERNELBASE(000000FF), ref: 00A35D4E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Find$CloseFile$FirstNext
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1164774033-0
                                                                                                                                                                        • Opcode ID: bbbb2642951798c9e6666052aeb77ee85f9afdad7c6ed79cd7174b0fe920054c
                                                                                                                                                                        • Instruction ID: 5b248cce4bc5bc1ecc318c946164859ab8e5c797ba92ef33805c70705f0e6f6d
                                                                                                                                                                        • Opcode Fuzzy Hash: bbbb2642951798c9e6666052aeb77ee85f9afdad7c6ed79cd7174b0fe920054c
                                                                                                                                                                        • Instruction Fuzzy Hash: 45414870C00B08EFDB20EFB8DD99BA97BB9BB00346F6081A5F4059E161E73559C6DB51
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • NtSetInformationProcess.NTDLL(000000FF,00000021,00000000,00000004,00000004,00000000,00A471D1), ref: 00A3B751
                                                                                                                                                                        • NtSetInformationProcess.NTDLL(000000FF,00000012,00000000,00000002), ref: 00A3B763
                                                                                                                                                                        • NtSetInformationProcess.NTDLL(000000FF,0000000C,00000000,00000004), ref: 00A3B778
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationProcess
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1801817001-0
                                                                                                                                                                        • Opcode ID: fdea19ad9bb7852f37733b59f420bf24b9839663c88ed28e5c1d7b3946a729d4
                                                                                                                                                                        • Instruction ID: a7498cf27816a073dd56f3efb11cbc564a12f94a09f23bd5408771270511f426
                                                                                                                                                                        • Opcode Fuzzy Hash: fdea19ad9bb7852f37733b59f420bf24b9839663c88ed28e5c1d7b3946a729d4
                                                                                                                                                                        • Instruction Fuzzy Hash: F7F01CB1640710BFEB21ABE4DDC6F1137ACAB0A722F100360B331DD0D6D7B084448762
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • NtProtectVirtualMemory.NTDLL(000000FF,00000000,00000020,00000040,?,9870B143), ref: 00A3B4B1
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MemoryProtectVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2706961497-3916222277
                                                                                                                                                                        • Opcode ID: d0af3198395470c2995741073750f94b896b46e6e95fbe12e0f5673f0076599c
                                                                                                                                                                        • Instruction ID: d1e1b56214b80e81bb89c7de8fcf3adfc120d18d1f320e15a20b49af2e81702e
                                                                                                                                                                        • Opcode Fuzzy Hash: d0af3198395470c2995741073750f94b896b46e6e95fbe12e0f5673f0076599c
                                                                                                                                                                        • Instruction Fuzzy Hash: 01F03A71D00308BBDB10CFA4DD89B9EB7BCAB04725F604295B629A71D1E7755B008B64
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00A36844: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,00A47764,?,00000000,00000000), ref: 00A36860
                                                                                                                                                                        • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00A37E7E
                                                                                                                                                                        • Sleep.KERNELBASE(000007D0,?), ref: 00A37F45
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeapInformationQuerySleepSystem
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3184523392-0
                                                                                                                                                                        • Opcode ID: c1fc2df5f372121ddac238b69144be73f96c1e8cc421c2bc835ff518833e1a0e
                                                                                                                                                                        • Instruction ID: 812ce3d74368f91603cfb70ba2fdecefa61a189c4452f9422afd17297b36a55b
                                                                                                                                                                        • Opcode Fuzzy Hash: c1fc2df5f372121ddac238b69144be73f96c1e8cc421c2bc835ff518833e1a0e
                                                                                                                                                                        • Instruction Fuzzy Hash: 4D2115B1D04208AFDF21DFA0DD84B9EBBB9FF04305F208095F914AA161E7729A45DFA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 00A38F8A
                                                                                                                                                                          • Part of subcall function 00A397D8: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00A39805
                                                                                                                                                                          • Part of subcall function 00A39880: NtClose.NTDLL(00000000), ref: 00A39971
                                                                                                                                                                        • NtSetInformationThread.NTDLL(000000FE,00000005,00000000,00000004,00000000,00000002,00000002,D1F935A5), ref: 00A38FC1
                                                                                                                                                                          • Part of subcall function 00A38DA8: OpenSCManagerW.ADVAPI32(00000000,00000000,00000001,7DDDCD9C), ref: 00A38DE6
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Information$AdjustCloseManagerOpenPrivilegeQuerySystemThread
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1903255304-0
                                                                                                                                                                        • Opcode ID: 134bc47b9a8fc5a48bf86d16e345892cc372551c6d8dc0f8260354e0901f6963
                                                                                                                                                                        • Instruction ID: 2c59bd7182f05bef9e0ac8ac9536a43520e6d8a5e7d4b658ee15efe4116bcf35
                                                                                                                                                                        • Opcode Fuzzy Hash: 134bc47b9a8fc5a48bf86d16e345892cc372551c6d8dc0f8260354e0901f6963
                                                                                                                                                                        • Instruction Fuzzy Hash: 98218170900309BAEB24ABE0CC4EB9F7A78AF05702F104054B504A61D5EBB48A80DB61
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 00A38F8A
                                                                                                                                                                          • Part of subcall function 00A397D8: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00A39805
                                                                                                                                                                          • Part of subcall function 00A39880: NtClose.NTDLL(00000000), ref: 00A39971
                                                                                                                                                                        • NtSetInformationThread.NTDLL(000000FE,00000005,00000000,00000004,00000000,00000002,00000002,D1F935A5), ref: 00A38FC1
                                                                                                                                                                          • Part of subcall function 00A38DA8: OpenSCManagerW.ADVAPI32(00000000,00000000,00000001,7DDDCD9C), ref: 00A38DE6
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Information$AdjustCloseManagerOpenPrivilegeQuerySystemThread
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1903255304-0
                                                                                                                                                                        • Opcode ID: 99477b16639827c14b05900c93f4040ec7eb52a66f0136d0773e5b3a8660972c
                                                                                                                                                                        • Instruction ID: 09535c07eaf1a93e4efea8253e4fc84f30e627616be24c59e6f79dab16ea4224
                                                                                                                                                                        • Opcode Fuzzy Hash: 99477b16639827c14b05900c93f4040ec7eb52a66f0136d0773e5b3a8660972c
                                                                                                                                                                        • Instruction Fuzzy Hash: E2219070A00309BAEF24ABF0CC4EBDF7AB8AF05702F104054F600A61D5EBF48A80DB61
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00A37590: FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 00A375FF
                                                                                                                                                                          • Part of subcall function 00A37590: FindClose.KERNELBASE(000000FF), ref: 00A3765C
                                                                                                                                                                        • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 00A3751F
                                                                                                                                                                        • FindNextFileW.KERNELBASE(000000FF,?), ref: 00A37576
                                                                                                                                                                          • Part of subcall function 00A3766C: FindFirstFileExW.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 00A376F3
                                                                                                                                                                          • Part of subcall function 00A3766C: GetFileAttributesW.KERNELBASE(00000000), ref: 00A37786
                                                                                                                                                                          • Part of subcall function 00A3766C: FindNextFileW.KERNELBASE(000000FF,?), ref: 00A377EF
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileFind$First$Next$AttributesClose
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 95010735-0
                                                                                                                                                                        • Opcode ID: d059fc7a92ba20f2654a19f8143cbd0da2aebc460e5f3f4158fce3dbef5ee758
                                                                                                                                                                        • Instruction ID: 1a82cd78ac2b81f7b85d815f2b3c2377d65ea53b946c40bcfecfd6b91c6d45b4
                                                                                                                                                                        • Opcode Fuzzy Hash: d059fc7a92ba20f2654a19f8143cbd0da2aebc460e5f3f4158fce3dbef5ee758
                                                                                                                                                                        • Instruction Fuzzy Hash: 2121EDB194020DABDB20EBA0DD49FDDB7BCAB14302F4004A1B609D61A1E771AB558F66
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 00A375FF
                                                                                                                                                                        • FindClose.KERNELBASE(000000FF), ref: 00A3765C
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2295610775-0
                                                                                                                                                                        • Opcode ID: fc9f9b33865aa33261ec3e8713a6b0fa4718e93f34f1e080e6f1a6f600813e3e
                                                                                                                                                                        • Instruction ID: 1b19d5bcc2464e0d09630a0aacaa008d3b251e39543b0fb2ebf470fc721f7600
                                                                                                                                                                        • Opcode Fuzzy Hash: fc9f9b33865aa33261ec3e8713a6b0fa4718e93f34f1e080e6f1a6f600813e3e
                                                                                                                                                                        • Instruction Fuzzy Hash: B3216FB0800208EFDB10DFA4DC1DF9CBBB9FF04306F0041A0E909AA161E7719A99CF55
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00A37E7E
                                                                                                                                                                        • Sleep.KERNELBASE(000007D0,?), ref: 00A37F45
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationQuerySleepSystem
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3518162127-0
                                                                                                                                                                        • Opcode ID: 6a7983a3d4c0b3d947d89b35cf3c438d620123bb9b2e213673a95c3b366e86a1
                                                                                                                                                                        • Instruction ID: 5873cf33d0198579e6b611dba23ff7bd762a788c173397f877f11c7791702908
                                                                                                                                                                        • Opcode Fuzzy Hash: 6a7983a3d4c0b3d947d89b35cf3c438d620123bb9b2e213673a95c3b366e86a1
                                                                                                                                                                        • Instruction Fuzzy Hash: ED211AB1904208EFDF11DFA0C944B9DBBB9FF04305F208099F901AA151D7769A46DFA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00A37E7E
                                                                                                                                                                        • Sleep.KERNELBASE(000007D0,?), ref: 00A37F45
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationQuerySleepSystem
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3518162127-0
                                                                                                                                                                        • Opcode ID: 0227fb06b00f31e5d5fc5213061e91014e16eebe0f88968aaf9febb2194d1f67
                                                                                                                                                                        • Instruction ID: 5873cf33d0198579e6b611dba23ff7bd762a788c173397f877f11c7791702908
                                                                                                                                                                        • Opcode Fuzzy Hash: 0227fb06b00f31e5d5fc5213061e91014e16eebe0f88968aaf9febb2194d1f67
                                                                                                                                                                        • Instruction Fuzzy Hash: ED211AB1904208EFDF11DFA0C944B9DBBB9FF04305F208099F901AA151D7769A46DFA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,00A3DE78,00000000,00000000,00000000,?,00000000), ref: 00A3E239
                                                                                                                                                                          • Part of subcall function 00A3B444: NtSetInformationThread.NTDLL(00000000,?,00000000,00000000,?,00A36541,00000000,00A5586C,00A36390,00000000,00000000,00A55858,00A36378,00000000,00000000,00A5584C), ref: 00A3B465
                                                                                                                                                                        • NtClose.NTDLL(00000000,00000000,?,00000000), ref: 00A3E24C
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Thread$CloseCreateInformation
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3895992022-0
                                                                                                                                                                        • Opcode ID: 0e44fb0b8e6806d49e0dea656fd1803681857432238d8aff24b70e822c817bc4
                                                                                                                                                                        • Instruction ID: 48a50659305a1a172de1b6a1e72a7d061215ac39b8fddc490fcf3bb4a08c53e6
                                                                                                                                                                        • Opcode Fuzzy Hash: 0e44fb0b8e6806d49e0dea656fd1803681857432238d8aff24b70e822c817bc4
                                                                                                                                                                        • Instruction Fuzzy Hash: DD01A970B40B14FBE720EBF4AC9ABDE7768FB14717F600210FA15A62E1EBB06E058555
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • NtSetInformationThread.NTDLL(000000FE,00000005,00000008,00000004), ref: 00A3B424
                                                                                                                                                                        • NtClose.NTDLL(00000008), ref: 00A3B432
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseInformationThread
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3167811113-0
                                                                                                                                                                        • Opcode ID: 85f9002286f471038843ae9ae68e22756e5a8d917a76f01a2102325096c3d654
                                                                                                                                                                        • Instruction ID: 56569303dbf5b5e6c6c3137c13b941c04d00a3890a92e10b73f4dd1409067797
                                                                                                                                                                        • Opcode Fuzzy Hash: 85f9002286f471038843ae9ae68e22756e5a8d917a76f01a2102325096c3d654
                                                                                                                                                                        • Instruction Fuzzy Hash: 8D018F70510308EFE700CF90DC89FAABBB9FB00305F508164FA049B1A1E3B5CA59DBA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLogicalDriveStringsW.KERNELBASE(00000104,?), ref: 00A3747F
                                                                                                                                                                        • GetDriveTypeW.KERNELBASE(?), ref: 00A37495
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Drive$LogicalStringsType
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1630765265-0
                                                                                                                                                                        • Opcode ID: 7372b5158ce3449c0d95203b2d52aff01356980f87e33e5d57da8e25d392af71
                                                                                                                                                                        • Instruction ID: 6930de129124597b64e0a06c30bcec41178b51e6c23cda1ac038b7d95cef576f
                                                                                                                                                                        • Opcode Fuzzy Hash: 7372b5158ce3449c0d95203b2d52aff01356980f87e33e5d57da8e25d392af71
                                                                                                                                                                        • Instruction Fuzzy Hash: 9EE0E5B25047195BDB31E7E4ACC59AF776CDF05301F000150FA44D2001DA54BD86C6A1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 00A3A0B6
                                                                                                                                                                        • FindClose.KERNELBASE(000000FF), ref: 00A3A0DC
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2295610775-0
                                                                                                                                                                        • Opcode ID: bbd1ec8039115ee9212e7d41a3830dd0229df014d1b18d2cb3f5845a0e664d12
                                                                                                                                                                        • Instruction ID: 51a20b0cd3c8f0e0293de8b71b64c71ea6dbd9fd7166df137d18e176c86a3a73
                                                                                                                                                                        • Opcode Fuzzy Hash: bbd1ec8039115ee9212e7d41a3830dd0229df014d1b18d2cb3f5845a0e664d12
                                                                                                                                                                        • Instruction Fuzzy Hash: 5FF03A74901308EFDB20DFA4CC49B9CBBB4FB44311F208295A818AB2A0E7716F92DF44
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Close
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3535843008-0
                                                                                                                                                                        • Opcode ID: 3abaaf8aa6038ab5ad9466e63a5c63b5d4cad63e0a6c31b5bc45cd040194435b
                                                                                                                                                                        • Instruction ID: d4f8bdb7da8d8a3a3b18240bf20d31e87ef70f9ecc30d74f4018fa03a44e8bf2
                                                                                                                                                                        • Opcode Fuzzy Hash: 3abaaf8aa6038ab5ad9466e63a5c63b5d4cad63e0a6c31b5bc45cd040194435b
                                                                                                                                                                        • Instruction Fuzzy Hash: 15319A70D0020CEFEB01CF94D858BDEBBB9FB04319F608159E415BA290D7B69A49DF91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00A36844: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,00A47764,?,00000000,00000000), ref: 00A36860
                                                                                                                                                                        • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00A39805
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeapInformationQuerySystem
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3114120137-0
                                                                                                                                                                        • Opcode ID: e7c5a979fd3e19f04f546811b66ed70d15a3df1bc96b9f1357841728a110358c
                                                                                                                                                                        • Instruction ID: 4a562837d98a537b0347bc261eea1d50c45567adf792ea06ce2591b69745079c
                                                                                                                                                                        • Opcode Fuzzy Hash: e7c5a979fd3e19f04f546811b66ed70d15a3df1bc96b9f1357841728a110358c
                                                                                                                                                                        • Instruction Fuzzy Hash: 01111871D00108FBDF51DFD5D881ADEBBB9EF19310F2081A6FA10AA151D7B25E90EB94
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • NtQueryInformationToken.NTDLL(00000000,00000001,?,00000028,?,00000000), ref: 00A36CDF
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationQueryToken
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4239771691-0
                                                                                                                                                                        • Opcode ID: 130c3dbe3373c6dd1f70b8d05872dacf5bda55ba966a751064e60686b614d164
                                                                                                                                                                        • Instruction ID: fa8c8b5eb67554378bbef7941c3a85d60502836bfac0897f37883503365f4677
                                                                                                                                                                        • Opcode Fuzzy Hash: 130c3dbe3373c6dd1f70b8d05872dacf5bda55ba966a751064e60686b614d164
                                                                                                                                                                        • Instruction Fuzzy Hash: B3115830A00609FFDF50CF90DC88BAEBBB8FF04306F548125F911A61A0D7719A98DB11
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000000,?), ref: 00A35A71
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Load
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2234796835-0
                                                                                                                                                                        • Opcode ID: 3b08709be89de65058db00f99898f6334e9fa4dcca49bf1c71881652d51f8d6f
                                                                                                                                                                        • Instruction ID: e5ace5b26113840a98d8c49e8da42c79080019114b878e8765e36b189542735f
                                                                                                                                                                        • Opcode Fuzzy Hash: 3b08709be89de65058db00f99898f6334e9fa4dcca49bf1c71881652d51f8d6f
                                                                                                                                                                        • Instruction Fuzzy Hash: E6F03C76D0060DFACF10EEE8D949FDEB7BCFB04365F4045A2B919A7040D230AB499BA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • NtTerminateProcess.NTDLL(00A37DB8,00000000), ref: 00A3DCC3
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ProcessTerminate
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 560597551-0
                                                                                                                                                                        • Opcode ID: 9af4689317ce46b2597cc455b8c91ba587dd5129f2a8d5588fdd768e014890d3
                                                                                                                                                                        • Instruction ID: 6afc71ca881a88fc0bd05d6c64917bc15d5dec9dfc13fad3db1bca56c13ed688
                                                                                                                                                                        • Opcode Fuzzy Hash: 9af4689317ce46b2597cc455b8c91ba587dd5129f2a8d5588fdd768e014890d3
                                                                                                                                                                        • Instruction Fuzzy Hash: C701E8B0900308EFDB00CF90D858BDEBBB8FB04319F608198E504AB291D7B79646CF91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • NtQueryInformationToken.NTDLL(?,00000001,?,0000002C,?), ref: 00A3B69E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationQueryToken
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4239771691-0
                                                                                                                                                                        • Opcode ID: 86b916327254fd8d43903d6bfe5a6957da7d5620fb53db65e329fd884d0c8a36
                                                                                                                                                                        • Instruction ID: 8aae53c6bc820d3e14ce29bf904af75cb2c45087cd4df00c5bfd4ca854095e13
                                                                                                                                                                        • Opcode Fuzzy Hash: 86b916327254fd8d43903d6bfe5a6957da7d5620fb53db65e329fd884d0c8a36
                                                                                                                                                                        • Instruction Fuzzy Hash: 8CF03031A01208EFEB10DBD4DC86EADB77EFB04316FA04165FA14D31A1E771AE548B50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00A39805
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationQuerySystem
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3562636166-0
                                                                                                                                                                        • Opcode ID: 87b10ed0cc44363ae36b53623c9bd8fb63a720011596e9a46533e13651620813
                                                                                                                                                                        • Instruction ID: d4f7d3c3dc09f73865a5761af37e4f71dec17f770d9cfc59fd5f8c94e94955e4
                                                                                                                                                                        • Opcode Fuzzy Hash: 87b10ed0cc44363ae36b53623c9bd8fb63a720011596e9a46533e13651620813
                                                                                                                                                                        • Instruction Fuzzy Hash: 46F03A35E04108FBDF50DFD5D8C0BAEB778EF55301F204092FA01AA150C3B19A90EB51
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00A39805
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationQuerySystem
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3562636166-0
                                                                                                                                                                        • Opcode ID: 1c0b711425fda121eb19d6a86f42ae6a8aa899ed33670ba6c7ab4444b5a98e02
                                                                                                                                                                        • Instruction ID: d4f7d3c3dc09f73865a5761af37e4f71dec17f770d9cfc59fd5f8c94e94955e4
                                                                                                                                                                        • Opcode Fuzzy Hash: 1c0b711425fda121eb19d6a86f42ae6a8aa899ed33670ba6c7ab4444b5a98e02
                                                                                                                                                                        • Instruction Fuzzy Hash: 46F03A35E04108FBDF50DFD5D8C0BAEB778EF55301F204092FA01AA150C3B19A90EB51
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • NtSetInformationThread.NTDLL(00000000,?,00000000,00000000,?,00A36541,00000000,00A5586C,00A36390,00000000,00000000,00A55858,00A36378,00000000,00000000,00A5584C), ref: 00A3B465
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationThread
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4046476035-0
                                                                                                                                                                        • Opcode ID: 35b38eacc37f6b14ce2fa6cc0a8f1c506d0d026f0583983d513284c484092d2d
                                                                                                                                                                        • Instruction ID: 9a4d8af61bd48601fb31ab076ddc7cfbcd40aaa433d0b0e4371b393cda8202f1
                                                                                                                                                                        • Opcode Fuzzy Hash: 35b38eacc37f6b14ce2fa6cc0a8f1c506d0d026f0583983d513284c484092d2d
                                                                                                                                                                        • Instruction Fuzzy Hash: 9AD05E725A020CAAD700DB54DC15BB6336ED311302F108125B20686091D7B0A4908668
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: LibraryTextWindow$CreateDialogFreeLoad$BrushColorCommandErrorLastLineMenuPixelProc$ButtonCapsCheckedCountDeviceExitHeapImageItemMessageNamePaletteParamProcessSelectSolidTick
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2067994032-0
                                                                                                                                                                        • Opcode ID: fe2a67a2767d0e070b25dcd6b39472c25c38ac929686b95d25d1c54642b01075
                                                                                                                                                                        • Instruction ID: 4af5d0ddcac61115716338185993fbb692e0c2f987b57fdb8def0e3210beaf7f
                                                                                                                                                                        • Opcode Fuzzy Hash: fe2a67a2767d0e070b25dcd6b39472c25c38ac929686b95d25d1c54642b01075
                                                                                                                                                                        • Instruction Fuzzy Hash: 0C01621CC5B595A9D1913BF0BF07B6D6AA4AFF2312F2918A8B1182A0E79F6C4900C577
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 95 a38230-a38289 96 a38290-a3829f 95->96 97 a3828b 95->97 104 a382a1 96->104 105 a382a6-a382b6 96->105 98 a388b9-a388bd 97->98 99 a388c8-a388cc 98->99 100 a388bf 98->100 102 a388ce-a388d2 99->102 103 a388dd-a388e1 99->103 100->99 102->103 106 a388d4 102->106 107 a388e3 103->107 108 a388ec-a388f0 103->108 104->98 112 a382b8 105->112 113 a382bd-a382cd 105->113 106->103 107->108 110 a388f2 108->110 111 a388fb-a388ff 108->111 110->111 114 a38901-a38904 call a3686c 111->114 115 a38909-a3890d 111->115 112->98 123 a382d4-a382ef call a40e98 113->123 124 a382cf 113->124 114->115 117 a38917-a3891b 115->117 118 a3890f-a38912 call a3686c 115->118 120 a38926-a3892a 117->120 121 a3891d 117->121 118->117 125 a38935-a38939 120->125 126 a3892c 120->126 121->120 133 a382f1-a38316 123->133 134 a38319-a383a9 call a31240 123->134 124->98 128 a38944-a38948 125->128 129 a3893b 125->129 126->125 131 a38955-a3895b 128->131 132 a3894a-a3894d 128->132 129->128 132->131 133->134 141 a383b0-a383be 134->141 142 a383ab 134->142 144 a383c0 141->144 145 a383c5-a383d6 call a36844 141->145 142->98 144->98 148 a383d8 145->148 149 a383dd-a383e5 call a31564 145->149 148->98 152 a38401-a38412 call a36de8 149->152 153 a383e7-a383f8 call a36de8 149->153 158 a38414 152->158 159 a38419-a38432 152->159 160 a383fa 153->160 161 a383ff 153->161 158->98 163 a38434-a38443 call a3686c 159->163 164 a38448-a3845b 159->164 160->98 161->159 163->98 168 a38462-a38478 164->168 169 a3845d 164->169 171 a3847a 168->171 172 a3847f-a3848d 168->172 169->98 171->98 174 a38494-a384e7 call a31564 172->174 175 a3848f 172->175 181 a384e9-a384f6 174->181 182 a384f8 174->182 175->98 183 a384fb-a3851c DrawTextW 181->183 182->183 184 a38523-a385cb 183->184 185 a3851e 183->185 189 a385d2-a385ff 184->189 190 a385cd 184->190 185->98 193 a38601 189->193 194 a38606-a3867f call a316c0 call a31240 CreateFileW 189->194 190->98 193->98 202 a38681 194->202 203 a38686-a386a0 WriteFile 194->203 202->98 204 a386a2 203->204 205 a386a7-a386be WriteFile 203->205 204->98 206 a386c0 205->206 207 a386c5-a386dc WriteFile 205->207 206->98 208 a386e3-a38707 call a36c98 207->208 209 a386de 207->209 213 a38709 208->213 214 a3870e-a387b2 call a316c0 call a31240 RegCreateKeyExW 208->214 209->98 213->98 220 a387b4 214->220 221 a387b9-a38818 call a31240 RegSetValueExW 214->221 220->98 225 a3881a 221->225 226 a3881f-a388a0 call a31240 RegSetValueExW 221->226 225->98 230 a388a2 226->230 231 a388a4-a388a8 226->231 230->98 231->98 232 a388aa-a388b1 231->232 232->98
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ($BM
                                                                                                                                                                        • API String ID: 0-2980357723
                                                                                                                                                                        • Opcode ID: 8dd0da432b602a32f54d7dc4007d6d5396220de76519351aa42c54d080fe890f
                                                                                                                                                                        • Instruction ID: a338de7bcd3a8f61fabb2c6bb15cc31dd447e039b7323c7ecbb6d34fda8d4d34
                                                                                                                                                                        • Opcode Fuzzy Hash: 8dd0da432b602a32f54d7dc4007d6d5396220de76519351aa42c54d080fe890f
                                                                                                                                                                        • Instruction Fuzzy Hash: 0E223670900309EFEB21DFA0DC49BAEBBB5BF08305F504065F611BA1A0DB799A45DF65
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 596 a3bc38-a3bc62 598 a3bc64 596->598 599 a3bc69-a3bc80 596->599 600 a3be8c-a3be90 598->600 604 a3bc82 599->604 605 a3bc87-a3bc94 call a36844 599->605 602 a3be92 600->602 603 a3be9b-a3be9f 600->603 602->603 606 a3bea1-a3bea4 DeleteDC 603->606 607 a3beaa-a3beae 603->607 604->600 615 a3bc96 605->615 616 a3bc9b-a3bcf6 call a31240 CreateDCW 605->616 606->607 609 a3beb0-a3beb3 call a3686c 607->609 610 a3beb8-a3bebc 607->610 609->610 611 a3bec7-a3becc 610->611 612 a3bebe 610->612 612->611 615->600 620 a3bcf8 616->620 621 a3bcfd-a3bdc7 call a31240 StartDocW 616->621 620->600 632 a3bdc9 621->632 633 a3bdce-a3bdd9 call a31720 621->633 632->600 636 a3bdde-a3bdea 633->636 638 a3bdee-a3be66 DrawTextA EndPage 636->638 639 a3bdec 636->639 638->636 640 a3be6c-a3be7b EndDoc call a31720 638->640 639->640 643 a3be80-a3be83 640->643 643->600
                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Delete
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1035893169-0
                                                                                                                                                                        • Opcode ID: 1710977306b3e65626ddf09e816c553a815731bfb7c8ba27d88ee1ca95ec1b91
                                                                                                                                                                        • Instruction ID: 8c72324da61fa78a3f0d1c798d969ccdddda607fdfb4d1b045f0bc54a8fdf931
                                                                                                                                                                        • Opcode Fuzzy Hash: 1710977306b3e65626ddf09e816c553a815731bfb7c8ba27d88ee1ca95ec1b91
                                                                                                                                                                        • Instruction Fuzzy Hash: B181F071900709EFDF11DFA0DD1ABAEBBB6FB08302F244468F605AA1A0D7765A51EF50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 732 a3c28c-a3c2b7 CreateFileW 733 a3c3ed-a3c3f3 732->733 734 a3c2bd-a3c2d6 732->734 735 a3c2dc-a3c2ee call a317ac 734->735 738 a3c2f5-a3c318 WriteFile 735->738 739 a3c31a-a3c329 738->739 740 a3c32c-a3c351 WriteFile 738->740 741 a3c353-a3c362 740->741 742 a3c365-a3c388 WriteFile 740->742 743 a3c38a-a3c399 742->743 744 a3c39c-a3c3c1 WriteFile 742->744 747 a3c3c3-a3c3d2 744->747 748 a3c3d5-a3c3e2 744->748 748->738 750 a3c3e8 748->750 750->735
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?,?,00000000), ref: 00A3C2AA
                                                                                                                                                                        • WriteFile.KERNELBASE(000000FF,?,00000001,00000000,00000000,00A56000,?,?,?,00000000), ref: 00A3C30B
                                                                                                                                                                        • WriteFile.KERNELBASE(000000FF,?,00000001,00000000,00000000,?,?,00000000), ref: 00A3C344
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$Write$Create
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1602526932-0
                                                                                                                                                                        • Opcode ID: eaa2bdd21040147f2c397841e58934a4651813369970741a158ff88637fa2ad1
                                                                                                                                                                        • Instruction ID: 698976beb94110c5de2f30d517531d80e2fff9c8581f64ce3fcc84aa559f3ddf
                                                                                                                                                                        • Opcode Fuzzy Hash: eaa2bdd21040147f2c397841e58934a4651813369970741a158ff88637fa2ad1
                                                                                                                                                                        • Instruction Fuzzy Hash: BF412C31A0020CFFDB00EBE4EC45BEEFB7AFB54322F5081A6E604A6191E7715A55DB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 838 a3e45c-a3e49a SetFileAttributesW CreateFileW 839 a3e511-a3e518 838->839 840 a3e49c-a3e4b9 SetFilePointerEx 838->840 841 a3e4bb-a3e4d8 ReadFile 840->841 842 a3e508 840->842 841->842 843 a3e4da-a3e4ef call a3e350 841->843 842->839 843->842 846 a3e4f1-a3e4f9 843->846 847 a3e502-a3e503 call a3686c 846->847 848 a3e4fb 846->848 847->842 848->847
                                                                                                                                                                        APIs
                                                                                                                                                                        • SetFileAttributesW.KERNELBASE(00000000,00000080,?), ref: 00A3E475
                                                                                                                                                                        • CreateFileW.KERNELBASE(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00A3E48D
                                                                                                                                                                        • SetFilePointerEx.KERNELBASE(000000FF,-00000084,00000000,00000000,00000002), ref: 00A3E4B1
                                                                                                                                                                        • ReadFile.KERNELBASE(000000FF,?,00000084,?,00000000), ref: 00A3E4D0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$AttributesCreatePointerRead
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4170910816-0
                                                                                                                                                                        • Opcode ID: 3f966826701af1b8b50df3b4e2f7b8be7038cdc1429ded2b8199a56c64506757
                                                                                                                                                                        • Instruction ID: f95520e1a4d266e0716c25702f8e8995c8330a2b7a0aeb5c9f83edc01a9ecfd6
                                                                                                                                                                        • Opcode Fuzzy Hash: 3f966826701af1b8b50df3b4e2f7b8be7038cdc1429ded2b8199a56c64506757
                                                                                                                                                                        • Instruction Fuzzy Hash: 31111F70A40308FBEF20DFB4DC49F9DBBB9BB04701F508164B605A61E1EB71AE558B14
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RegCreateKeyExW.KERNELBASE(80000002,?,00000000,00000000,00000000,00020119,00000000,?,00000000), ref: 00A4100D
                                                                                                                                                                        • RegQueryValueExW.KERNELBASE(?,?,00000000,00000004,00000004,00000004), ref: 00A41040
                                                                                                                                                                        • RegDeleteKeyExW.KERNELBASE(80000002,?,00000100,00000000,000000FF,00000000), ref: 00A410A9
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateDeleteQueryValue
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1796729037-0
                                                                                                                                                                        • Opcode ID: 28cc8351c65dda1c94d1db8ecd500576f068ef9dae8898c07da878de94a2c6c1
                                                                                                                                                                        • Instruction ID: 391fb37ca45e4f4da802682f3aef75f8b5d3dbc6dd083e7cb2640fed5fead44e
                                                                                                                                                                        • Opcode Fuzzy Hash: 28cc8351c65dda1c94d1db8ecd500576f068ef9dae8898c07da878de94a2c6c1
                                                                                                                                                                        • Instruction Fuzzy Hash: E15137B0910209EFEB20CFA0CC49FEEBBBCFB04705F544065BA14AA1A0D7749A94CF65
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00A3E3AC: SetFileAttributesW.KERNELBASE(00000000,00000080,?,00000000,?,?,?), ref: 00A3E3CD
                                                                                                                                                                          • Part of subcall function 00A3E3AC: CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?,?,?), ref: 00A3E3E5
                                                                                                                                                                          • Part of subcall function 00A3E45C: SetFileAttributesW.KERNELBASE(00000000,00000080,?), ref: 00A3E475
                                                                                                                                                                          • Part of subcall function 00A3E45C: CreateFileW.KERNELBASE(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00A3E48D
                                                                                                                                                                          • Part of subcall function 00A3E45C: SetFilePointerEx.KERNELBASE(000000FF,-00000084,00000000,00000000,00000002), ref: 00A3E4B1
                                                                                                                                                                          • Part of subcall function 00A3E45C: ReadFile.KERNELBASE(000000FF,?,00000084,?,00000000), ref: 00A3E4D0
                                                                                                                                                                        • MoveFileExW.KERNELBASE(00000000,00000000,00000008,00000000,00000000,00000000,00000000,?,00000000,?), ref: 00A3EFEF
                                                                                                                                                                        • CreateIoCompletionPort.KERNELBASE(000000FF,00000000,00000000,00000000,00000000,?,?,00000000,?), ref: 00A3F0B0
                                                                                                                                                                        • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000003,40000000,00000000,00000000,?,00000000,?), ref: 00A3F066
                                                                                                                                                                          • Part of subcall function 00A3686C: RtlFreeHeap.NTDLL(?,00000000,00000000,?,00A477F4,00000000), ref: 00A36888
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$Create$Attributes$CompletionFreeHeapMovePointerPortRead
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 97630321-0
                                                                                                                                                                        • Opcode ID: f593dcb2353dfdc1078205595424c7419fc42c6f9cb9b643c3fd8fc78811c0a4
                                                                                                                                                                        • Instruction ID: 48ddb3893995f83c5a1c12ed9271d08959c8f92f2da4689a553d5dc479652b89
                                                                                                                                                                        • Opcode Fuzzy Hash: f593dcb2353dfdc1078205595424c7419fc42c6f9cb9b643c3fd8fc78811c0a4
                                                                                                                                                                        • Instruction Fuzzy Hash: 22513330D10608FFDF15AFA4EC09B9DBF75BB04306F208161FA05A90A1D7769A92EF00
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: ff9341348add4b44bd12d2862c98392c141a42d5bbea01cc516142f10c6a5f67
                                                                                                                                                                        • Instruction ID: f56e1d01340d0e5607e9ab11af52c50f019a3bf523b73e70505c7725b0da35f2
                                                                                                                                                                        • Opcode Fuzzy Hash: ff9341348add4b44bd12d2862c98392c141a42d5bbea01cc516142f10c6a5f67
                                                                                                                                                                        • Instruction Fuzzy Hash: DB21A330804608FBDF52ABE4DE4AB9D7BB2BB15326F2042A1F51575172C7720B61BB45
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,00A3A470,?,00000004,00000000), ref: 00A3A4B9
                                                                                                                                                                        • ResumeThread.KERNELBASE(00000000), ref: 00A3A4FD
                                                                                                                                                                        • GetExitCodeThread.KERNELBASE(00000000,00000000), ref: 00A3A515
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Thread$CodeCreateExitResume
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4070214711-0
                                                                                                                                                                        • Opcode ID: 0d807a7b27e5cf2cf2a190281d1d95747ff2f7225c901f1df265dd72f4bd599b
                                                                                                                                                                        • Instruction ID: 384ea56029226a6f4031fb09248aa14d47aca17bc91cb7dc7a8606d4b819e9b7
                                                                                                                                                                        • Opcode Fuzzy Hash: 0d807a7b27e5cf2cf2a190281d1d95747ff2f7225c901f1df265dd72f4bd599b
                                                                                                                                                                        • Instruction Fuzzy Hash: D711E370900208FFDB11DFE4DD09B9DBBB5FB14312F2081A5F915A62A0E7715A51EB41
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,00A3A1B0,?,00000004,00000000), ref: 00A3A1E4
                                                                                                                                                                        • ResumeThread.KERNELBASE(00000000), ref: 00A3A228
                                                                                                                                                                        • GetExitCodeThread.KERNELBASE(00000000,00000000), ref: 00A3A240
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Thread$CodeCreateExitResume
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4070214711-0
                                                                                                                                                                        • Opcode ID: 35cf47d422e38d5b413b4a2af559231cca82f0d9490348adbe11504d0eafc1b5
                                                                                                                                                                        • Instruction ID: 37e4179a5f27b6f4d25c4843c0f60e401373f4987e2b76992ee6a6f9fc123333
                                                                                                                                                                        • Opcode Fuzzy Hash: 35cf47d422e38d5b413b4a2af559231cca82f0d9490348adbe11504d0eafc1b5
                                                                                                                                                                        • Instruction Fuzzy Hash: 4411E231940208FFDB11DFE0ED0AB9DBB72FB14312F204194FA55A61B0E7725A61EB41
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00A37853
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Initialize
                                                                                                                                                                        • String ID: @
                                                                                                                                                                        • API String ID: 2538663250-2766056989
                                                                                                                                                                        • Opcode ID: 9f03487525133471a282aa543fed88c94390b723942a0d281471d04905359f2a
                                                                                                                                                                        • Instruction ID: 289317fcb8312a579f3353ed24bd3f924989df0e32a504e458374b1b8f3d57e4
                                                                                                                                                                        • Opcode Fuzzy Hash: 9f03487525133471a282aa543fed88c94390b723942a0d281471d04905359f2a
                                                                                                                                                                        • Instruction Fuzzy Hash: AAD1F5B490030AEFDB20CF90C989F9EBB79BF04300F158195A515AF2A2D779DA85CF65
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SetFileAttributesW.KERNELBASE(00000000,00000080,?,00000000,?,?,?), ref: 00A3E3CD
                                                                                                                                                                        • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?,?,?), ref: 00A3E3E5
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$AttributesCreate
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 415043291-0
                                                                                                                                                                        • Opcode ID: ce39e72c2b644c97a35a3a0fb5175df6b860fb032c87cd86bce21380814e80e2
                                                                                                                                                                        • Instruction ID: 463cecbd796e181036c810b04a30cec1aa9ab2e4e12f3f959cbb8c835a429bb3
                                                                                                                                                                        • Opcode Fuzzy Hash: ce39e72c2b644c97a35a3a0fb5175df6b860fb032c87cd86bce21380814e80e2
                                                                                                                                                                        • Instruction Fuzzy Hash: CD11C230904208FFEF30CB90EC09BADBB74EB08722F308226F511650E0D3726A91EA45
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • MoveFileExW.KERNELBASE(00000000,00000000,00000008,00000000,00000000,00000000,00000000,?,00000000,?), ref: 00A3EFEF
                                                                                                                                                                        • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000003,40000000,00000000,00000000,?,00000000,?), ref: 00A3F066
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$CreateMove
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3198096935-0
                                                                                                                                                                        • Opcode ID: 4acc66e4bf46a5ef3339968f37ad00765b9dbd560c73091e2d75520a5f4d5228
                                                                                                                                                                        • Instruction ID: abec4a091f1baac29752ce0001a6a25959df4f9b100c3c92fd1d7403a5b685ee
                                                                                                                                                                        • Opcode Fuzzy Hash: 4acc66e4bf46a5ef3339968f37ad00765b9dbd560c73091e2d75520a5f4d5228
                                                                                                                                                                        • Instruction Fuzzy Hash: FEF03030E50208FEDF259BA9EC05FACBB71AB05716F208276F611750E0D7711A51EF05
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SetFileAttributesW.KERNELBASE(00000000,00000080,?,00000000,?,?,?), ref: 00A3E3CD
                                                                                                                                                                        • CreateFileW.KERNELBASE(00000000,40000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?,?,?), ref: 00A3E3E5
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$AttributesCreate
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 415043291-0
                                                                                                                                                                        • Opcode ID: 6e102d429a0dad8199c1d5409c395572fdb61cb6859ba418aa1cf220b213aa76
                                                                                                                                                                        • Instruction ID: 1df1449b976a271304b20b40dcf7e85347eb5b48c1df09b72991daf57087e930
                                                                                                                                                                        • Opcode Fuzzy Hash: 6e102d429a0dad8199c1d5409c395572fdb61cb6859ba418aa1cf220b213aa76
                                                                                                                                                                        • Instruction Fuzzy Hash: 54E04F30A80704FAEF31DB60ED06F587A31AB08B61F604121FA11AC0E0D7B1AA51EA09
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateThread
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2422867632-0
                                                                                                                                                                        • Opcode ID: 35ff71874213d5dcb5d308c3a65e1e2d77c5112e50fbbc1ffff5d294b489441e
                                                                                                                                                                        • Instruction ID: 2d75b54ce8286928a87e25999544036c6274f9a5709cbe6ddd7736cf15fdd055
                                                                                                                                                                        • Opcode Fuzzy Hash: 35ff71874213d5dcb5d308c3a65e1e2d77c5112e50fbbc1ffff5d294b489441e
                                                                                                                                                                        • Instruction Fuzzy Hash: E6615334D0070AEFEF10EFE0DD85BAEBB75FB44306F204125EA01662A0E7756A55EB90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlCreateHeap.NTDLL(00041002,00000000,00000000,00000000,00000000,00000000,E80C4717,?,?,00A49487), ref: 00A363C5
                                                                                                                                                                          • Part of subcall function 00A3B444: NtSetInformationThread.NTDLL(00000000,?,00000000,00000000,?,00A36541,00000000,00A5586C,00A36390,00000000,00000000,00A55858,00A36378,00000000,00000000,00A5584C), ref: 00A3B465
                                                                                                                                                                          • Part of subcall function 00A3B470: NtProtectVirtualMemory.NTDLL(000000FF,00000000,00000020,00000040,?,9870B143), ref: 00A3B4B1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateHeapInformationMemoryProtectThreadVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2986011945-0
                                                                                                                                                                        • Opcode ID: 69bb5444ee3b43606d63c2cfcedee09404d1c4983d7e1e65093449dd54b66c29
                                                                                                                                                                        • Instruction ID: 75dd967e367b91d5325e3380a34bf75eb725699361f42a682af96c9840408a66
                                                                                                                                                                        • Opcode Fuzzy Hash: 69bb5444ee3b43606d63c2cfcedee09404d1c4983d7e1e65093449dd54b66c29
                                                                                                                                                                        • Instruction Fuzzy Hash: 6D318620FC1FB078407176BA6E1FE8F1D6CBDD2FA2FD54D14B808B518689A0A444C0B9
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,00000004), ref: 00A37CBF
                                                                                                                                                                          • Part of subcall function 00A36844: RtlAllocateHeap.NTDLL(?,00000008,00000000,?,00A47764,?,00000000,00000000), ref: 00A36860
                                                                                                                                                                          • Part of subcall function 00A3DC60: NtTerminateProcess.NTDLL(00A37DB8,00000000), ref: 00A3DCC3
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeapManagerOpenProcessTerminate
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3645570960-0
                                                                                                                                                                        • Opcode ID: 446dfd736625c8bf3b395943ffa11b51cf3d9b6b16434a3a778c907f7e29aad9
                                                                                                                                                                        • Instruction ID: 69aa56d6f3cebe6b690a49cf4ee90e41c094814dad602f3b3301406fd98178b8
                                                                                                                                                                        • Opcode Fuzzy Hash: 446dfd736625c8bf3b395943ffa11b51cf3d9b6b16434a3a778c907f7e29aad9
                                                                                                                                                                        • Instruction Fuzzy Hash: A441FF70A40209FBEB21DBE0DD4ABEDBBB9BF08702F544065B600B60E0E7B15A90DF50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00A35C24: FindFirstFileW.KERNELBASE(?,?,?,00000004,?), ref: 00A35CF7
                                                                                                                                                                          • Part of subcall function 00A35C24: FindClose.KERNELBASE(000000FF,?,00000000), ref: 00A35D1C
                                                                                                                                                                        • RtlAllocateHeap.NTDLL(?,00000000,00000010,00000000,00000000,00000000,00000000,?,?,00A36408,00A5540C,00A35EE8,00000000,00000000,7E631824), ref: 00A35DE4
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Find$AllocateCloseFileFirstHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1673784098-0
                                                                                                                                                                        • Opcode ID: 6aa6ab6f3a8d40e69fdb75059b62d8e3266041796467851bdc4e4ca92ca89f1e
                                                                                                                                                                        • Instruction ID: de26efc1dcc96a95ded29ae2e22ea4a1a7544149c7703ebad00a9edafb9f8d7c
                                                                                                                                                                        • Opcode Fuzzy Hash: 6aa6ab6f3a8d40e69fdb75059b62d8e3266041796467851bdc4e4ca92ca89f1e
                                                                                                                                                                        • Instruction Fuzzy Hash: 6731B235A447429ED720DF3C8881756FA95BF11351F28C7A9F509CF293EAB1C580CB9A
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00A3903C: RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 00A3905E
                                                                                                                                                                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00A391AF
                                                                                                                                                                          • Part of subcall function 00A3DC60: NtTerminateProcess.NTDLL(00A37DB8,00000000), ref: 00A3DCC3
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AdjustCloseHandlePrivilegeProcessServiceTerminate
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3176663195-0
                                                                                                                                                                        • Opcode ID: 1b0a733b487e061748703207e40b1d890278d3542c895e45322694c252affd19
                                                                                                                                                                        • Instruction ID: ef9dd92d3ca4ec12e66d55d802b7305d9100f23fd3fd29166d7a187d9bd03600
                                                                                                                                                                        • Opcode Fuzzy Hash: 1b0a733b487e061748703207e40b1d890278d3542c895e45322694c252affd19
                                                                                                                                                                        • Instruction Fuzzy Hash: 4631E370940309EFEB10DFA0DC4DBDEBBB9BF08706F4441A4F604AA1A0E7B59A95DB50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00A397D8: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00A39805
                                                                                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,00000001,7DDDCD9C), ref: 00A38DE6
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationManagerOpenQuerySystem
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1910025873-0
                                                                                                                                                                        • Opcode ID: effc86ef988828b2cc400dc2d05475a5e84b267144975cf178de5af68e992ca4
                                                                                                                                                                        • Instruction ID: ad3b2e1fc978efe0c46107398c5f2b5824144f84b366a25c32fb3f36accb22c2
                                                                                                                                                                        • Opcode Fuzzy Hash: effc86ef988828b2cc400dc2d05475a5e84b267144975cf178de5af68e992ca4
                                                                                                                                                                        • Instruction Fuzzy Hash: 5031EA70900708EFDB10CFA0D959BADBBB4FF04706F6480A5F502AB2A1DBB98A45DF51
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: aa0086d6f69bf186465bbc39842901a45b39897ab73885c298c5dec5e010046a
                                                                                                                                                                        • Instruction ID: b3122d2dcb4ac1f566f1b4d4949b7ad7e155ea025e32074e2c5a6fd5c2c73e0b
                                                                                                                                                                        • Opcode Fuzzy Hash: aa0086d6f69bf186465bbc39842901a45b39897ab73885c298c5dec5e010046a
                                                                                                                                                                        • Instruction Fuzzy Hash: 30213630941208FFDF109FA4DD46BADBBB1FF15306F2490B5F904AA2A1E7314A90EB44
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CoInitialize.OLE32(00000000,?,?,?,?,00000000), ref: 00A3F85B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Initialize
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2538663250-0
                                                                                                                                                                        • Opcode ID: 0b60ea4a006d221ec5fce4a3e55dd894f26f0266da01b19eb69fd924e5fc234e
                                                                                                                                                                        • Instruction ID: 36e62cd5dc8b26faf2e7744266bcd8a461f860edd5355bd549db87a98ef6e16c
                                                                                                                                                                        • Opcode Fuzzy Hash: 0b60ea4a006d221ec5fce4a3e55dd894f26f0266da01b19eb69fd924e5fc234e
                                                                                                                                                                        • Instruction Fuzzy Hash: 9EC113B4D5030AEFDB10DFA0D949B9ABBB8FF04301F1180A5E504AF262D7399A45CF65
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateMutexW.KERNELBASE(0000000C,00000001,00000000), ref: 00A39C4B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateMutex
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1964310414-0
                                                                                                                                                                        • Opcode ID: f9173fda46f1d44c3162f364f5087d1424402d6695c15679605ecfbfd71efa07
                                                                                                                                                                        • Instruction ID: 61d8e00c6cdec31f12ca8b615569bb2ea10d3b9ca5f60c16cc6b436e5cad9747
                                                                                                                                                                        • Opcode Fuzzy Hash: f9173fda46f1d44c3162f364f5087d1424402d6695c15679605ecfbfd71efa07
                                                                                                                                                                        • Instruction Fuzzy Hash: 38117970C00B08AFEB11EBF0ED19BAABBB5BB08302F100255F5009A1E0E3B55A41DB48
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,00000000), ref: 00A3905E
                                                                                                                                                                          • Part of subcall function 00A397D8: NtQuerySystemInformation.NTDLL(00000005,?,00000400,00000400,00000400), ref: 00A39805
                                                                                                                                                                          • Part of subcall function 00A39880: NtClose.NTDLL(00000000), ref: 00A39971
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AdjustCloseInformationPrivilegeQuerySystem
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 327775174-0
                                                                                                                                                                        • Opcode ID: e6139eb218fb191ce7a8a4b717848d67bcc01da2f15d0bc895990f165123b963
                                                                                                                                                                        • Instruction ID: b1093a596745b5a2c26dbe782448e99a4ac15166cd4542c093b1c551ce45b3b6
                                                                                                                                                                        • Opcode Fuzzy Hash: e6139eb218fb191ce7a8a4b717848d67bcc01da2f15d0bc895990f165123b963
                                                                                                                                                                        • Instruction Fuzzy Hash: CE01F470940308BFEB20EFE4CC4DFDE7A79AB01716F504194B504A61D0E7B58A84C791
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlAdjustPrivilege.NTDLL(00000000,00000001,00000000,?), ref: 00A3B727
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AdjustPrivilege
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3260937286-0
                                                                                                                                                                        • Opcode ID: b9f1ab3f7a3782f1745c2b2d64b16cc7c797e35c0f194a1b61c0675c0aac9ebc
                                                                                                                                                                        • Instruction ID: cd84f5ef9de0ab9c4faa6f4d712ec31fde4e0dfe999e9ed0921a781d17fc029d
                                                                                                                                                                        • Opcode Fuzzy Hash: b9f1ab3f7a3782f1745c2b2d64b16cc7c797e35c0f194a1b61c0675c0aac9ebc
                                                                                                                                                                        • Instruction Fuzzy Hash: BAD02B3152520566C73056A47C02BF2337FC780321F100311BF02DB1E0FB62994541F1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlReAllocateHeap.NTDLL(?,00000008,?,00000400,?,00A39825,?,00000400), ref: 00A368B3
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                        • Opcode ID: 6dfea04b94ced97ec1bff68e501d8366c3e6368d3df9a3cca74b3dd32c471be6
                                                                                                                                                                        • Instruction ID: 1c0c418b058aded85d3b2758fccc3b9355664c2113022b50d8ba42b2c0e91c0e
                                                                                                                                                                        • Opcode Fuzzy Hash: 6dfea04b94ced97ec1bff68e501d8366c3e6368d3df9a3cca74b3dd32c471be6
                                                                                                                                                                        • Instruction Fuzzy Hash: E0D0C935580708AFCB55AFA8ED09FCA7B69BB54701F41C050FA848A462CB76D9A4EB90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlFreeHeap.NTDLL(?,00000000,00000000,?,00A477F4,00000000), ref: 00A36888
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FreeHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3298025750-0
                                                                                                                                                                        • Opcode ID: ddecb7dd83746f17dfc79a3ccc7bcec8cc6f6cf2d4c99f2a3bc660d544784147
                                                                                                                                                                        • Instruction ID: 882c58e697a90e8a7f123786b68af8b566cacc8da31d79f4d555a5fdc7d66b16
                                                                                                                                                                        • Opcode Fuzzy Hash: ddecb7dd83746f17dfc79a3ccc7bcec8cc6f6cf2d4c99f2a3bc660d544784147
                                                                                                                                                                        • Instruction Fuzzy Hash: 89D01235140704AFC714DFA8E905FD63769AB18705F894011B7494B0A1C775E890DA98
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlAllocateHeap.NTDLL(?,00000008,00000000,?,00A47764,?,00000000,00000000), ref: 00A36860
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                        • Opcode ID: 0c5e1494009ba73ea621602a78a5498454bd43f5b2f3a5bfca3c5fc08a431525
                                                                                                                                                                        • Instruction ID: 04168eba94c539c9d115538368275a23981dab324d068998c191a8a4e5953612
                                                                                                                                                                        • Opcode Fuzzy Hash: 0c5e1494009ba73ea621602a78a5498454bd43f5b2f3a5bfca3c5fc08a431525
                                                                                                                                                                        • Instruction Fuzzy Hash: DFD01231580704AFC7549FA9A945FD63769AB14702F458014B7484B061CB75D8D0DB94
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CheckTokenMembership.KERNELBASE(00000000,00A3B4CC,?), ref: 00A3B4ED
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CheckMembershipToken
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1351025785-0
                                                                                                                                                                        • Opcode ID: 092eb96f73335193b413ba2e670bc315021e53921199fb6a4fe27b2f2661d661
                                                                                                                                                                        • Instruction ID: 56f2e31de65e3574a2fe349c97d9cacce70f7d4320d44ddd582bd1a15963c919
                                                                                                                                                                        • Opcode Fuzzy Hash: 092eb96f73335193b413ba2e670bc315021e53921199fb6a4fe27b2f2661d661
                                                                                                                                                                        • Instruction Fuzzy Hash: A3C0123495420CB7D600D6D4AC46A59B36CA704A21F500390BD18922C1E7616F1045D5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLogicalDriveStringsW.KERNELBASE(?,?), ref: 00A3A47B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DriveLogicalStrings
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2022863570-0
                                                                                                                                                                        • Opcode ID: 4253320766f26524e1ebf17ffe68825050792b4318ef90554c69d7442903bc71
                                                                                                                                                                        • Instruction ID: 41c8420c0eaa29a1ef0360ea01de160a20bb269e498936ccf49a9f7fd724365e
                                                                                                                                                                        • Opcode Fuzzy Hash: 4253320766f26524e1ebf17ffe68825050792b4318ef90554c69d7442903bc71
                                                                                                                                                                        • Instruction Fuzzy Hash: 4BC04836000208EF8B029B98E948C85BBAAAB186017048061F6094A131DA32A821AB95
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetDriveTypeW.KERNELBASE(?), ref: 00A3A1B6
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DriveType
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 338552980-0
                                                                                                                                                                        • Opcode ID: 29c1116fc2579e40845f89ad71170baf81cf0cfccfb9c4d3506273dc989aebb6
                                                                                                                                                                        • Instruction ID: 1a1a301f9b78a603e090c0fb27ebc51e3093cd88f98506b0a46b3eae192342d0
                                                                                                                                                                        • Opcode Fuzzy Hash: 29c1116fc2579e40845f89ad71170baf81cf0cfccfb9c4d3506273dc989aebb6
                                                                                                                                                                        • Instruction Fuzzy Hash: 07B0123100020CA786009B91EC048857F5DEB102627004021F5040002097325462D594
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00A37853
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Initialize
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2538663250-0
                                                                                                                                                                        • Opcode ID: 2bce069f2336d37dc132f26cc07ff0ee098d696823bd086c18aacfda8d6c9254
                                                                                                                                                                        • Instruction ID: a525323b42da79d2ba96ae76ae43c331394693e5f515b7159afe269b4c7639f3
                                                                                                                                                                        • Opcode Fuzzy Hash: 2bce069f2336d37dc132f26cc07ff0ee098d696823bd086c18aacfda8d6c9254
                                                                                                                                                                        • Instruction Fuzzy Hash: 368115B8910306DFC720DF90D989F8ABB78BF05354F168198E5185F262C77ADA84CF66
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • Sleep.KERNELBASE(000000C8,?,?,00A3E405,00000000,?,00000000,?,?,?), ref: 00A3DE6B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Sleep
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3472027048-0
                                                                                                                                                                        • Opcode ID: 20052e3181e3b420afe4998075b1efb54400bce4546c72a838bbc6ffe947f5f4
                                                                                                                                                                        • Instruction ID: 611d63e9d3dfb1d4a4e6cc49ec1473631432054b308db47efce6e33b7efdf41c
                                                                                                                                                                        • Opcode Fuzzy Hash: 20052e3181e3b420afe4998075b1efb54400bce4546c72a838bbc6ffe947f5f4
                                                                                                                                                                        • Instruction Fuzzy Hash: CCD0A9B2209304ABEB50BFF8BCC180EFA09BB20301F20A133FA008A102C9A1C8188250
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 4e114aaabdd2759b9c58cd1c84113201e5cd25cf1ff6c20d40406d2ea0b425b6
                                                                                                                                                                        • Instruction ID: 1ca4141c5b5a52c3287f1adc05c94625e9216dc429cf4c30f33690ba4d34886a
                                                                                                                                                                        • Opcode Fuzzy Hash: 4e114aaabdd2759b9c58cd1c84113201e5cd25cf1ff6c20d40406d2ea0b425b6
                                                                                                                                                                        • Instruction Fuzzy Hash: 54E13D7AA24E028BD728CF69ECC0725B3A2FF8D741F198538D61587B55C339F961CA84
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 5ae1b344ce7eabeca7d5a0e2004a9b7e15b356c338447e056007cc76e97bc746
                                                                                                                                                                        • Instruction ID: a18ea2cd5685db5060da8cc5bcdb17dc66b193f359c3577ca6f7aa582232f555
                                                                                                                                                                        • Opcode Fuzzy Hash: 5ae1b344ce7eabeca7d5a0e2004a9b7e15b356c338447e056007cc76e97bc746
                                                                                                                                                                        • Instruction Fuzzy Hash: F2D1D1719087818FC790CF29C58065AF7E0FFD8348F149A1EF999D3211E770EA998B82
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 06d92dbe339112daf7ea9381b134883bbc10ede859caa1fa3eb5628c3cdb05b5
                                                                                                                                                                        • Instruction ID: ebe5683e61f2874b3a91a10dee45524ef722f09576f537ac7223904974ebe09c
                                                                                                                                                                        • Opcode Fuzzy Hash: 06d92dbe339112daf7ea9381b134883bbc10ede859caa1fa3eb5628c3cdb05b5
                                                                                                                                                                        • Instruction Fuzzy Hash: 80D1527AE2494B8BDB14CF98ECD0B7AB372FB88341F098538D71197755C638AA11CB54
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 7650e607a092e3d7920f53b0c3106f674bdcf13e54ec0041135a6f28d741c789
                                                                                                                                                                        • Instruction ID: e73ed77edc1a35360eead763595279f86ab056b28d12a91525b3749ee19c2b66
                                                                                                                                                                        • Opcode Fuzzy Hash: 7650e607a092e3d7920f53b0c3106f674bdcf13e54ec0041135a6f28d741c789
                                                                                                                                                                        • Instruction Fuzzy Hash: BE314832FCAB064AFF75E29096417F7A224E7107A0EED13A3F9AA136425D1C0DC39653
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 30a0e9abdc729a2654e6b280349002feaec6c0d3e135a4956783796e6c1ba214
                                                                                                                                                                        • Instruction ID: af28949b07dfad245c342d794a140bb7c79ff3df625ea73a10b7f839491daa6b
                                                                                                                                                                        • Opcode Fuzzy Hash: 30a0e9abdc729a2654e6b280349002feaec6c0d3e135a4956783796e6c1ba214
                                                                                                                                                                        • Instruction Fuzzy Hash: 91316976A11A069BC728CF1AD884925F7B2FF9D301B15CA29D969C3B51C334F951CB84
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2166935310.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2166872088.0000000000A30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2166994017.0000000000A4A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167047379.0000000000A4B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167097483.0000000000A54000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167151470.0000000000A56000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2167199338.0000000000A57000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_a30000_Document.jbxd
                                                                                                                                                                        Yara matches
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 6e9e9d037a559c25274071be2e09c2d3cf2f15b9f66fb5d997d9d64617e40bf4
                                                                                                                                                                        • Instruction ID: c8f2d8c325e8b8443a4fab514f35f3ee5240453ae407a2f11960bbe301c12ea6
                                                                                                                                                                        • Opcode Fuzzy Hash: 6e9e9d037a559c25274071be2e09c2d3cf2f15b9f66fb5d997d9d64617e40bf4
                                                                                                                                                                        • Instruction Fuzzy Hash: 46E04FBB20D3425FF92CD61174533A78387C380675E25849EF446DF1C0EF1BE8A52045
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Execution Graph

                                                                                                                                                                        Execution Coverage:32.4%
                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                        Signature Coverage:1.3%
                                                                                                                                                                        Total number of Nodes:160
                                                                                                                                                                        Total number of Limit Nodes:1
                                                                                                                                                                        execution_graph 890 403983 893 40389c 890->893 902 402a78 893->902 897 403903 932 4022dc 897->932 938 4028ba 902->938 904 402a9e 904->897 907 4026c0 904->907 905 402af0 CreateMutexW 905->904 952 4024f8 907->952 909 402729 909->897 913 402f18 909->913 910 4026e7 CreateFileW 910->909 911 40270b ReadFile 910->911 911->909 914 402f2e 913->914 914->914 956 40227c FindFirstFileExW 914->956 915 402f67 CreateFileW 917 402f57 915->917 920 402faf 915->920 916 402faa 919 4030c5 NtFreeVirtualMemory 916->919 921 4030ed 916->921 917->915 917->916 918 402fb4 NtAllocateVirtualMemory 918->920 927 402fe8 918->927 919->916 920->918 920->927 922 4030f3 NtClose 921->922 923 4030ff 921->923 922->923 958 402e10 923->958 925 40311f 925->897 926 40304b WriteFile 926->927 928 403068 SetFilePointerEx 926->928 927->916 927->926 929 403095 SetFilePointerEx 927->929 928->926 928->927 929->927 933 402303 932->933 934 402335 GetShortPathNameW 933->934 935 402330 27 API calls 933->935 934->935 936 40235e 934->936 936->935 937 40246d ShellExecuteW 936->937 937->935 939 4028dd 938->939 942 402760 CreateFileW 939->942 943 4027da 942->943 944 402797 942->944 945 402802 943->945 946 4027f6 NtClose 943->946 944->943 950 4020bc 944->950 945->904 945->905 946->945 947 4027b7 947->943 948 4027c0 ReadFile 947->948 948->943 951 4020c8 RtlAllocateHeap 950->951 951->947 953 402512 952->953 955 402760 4 API calls 953->955 954 402522 954->909 954->910 955->954 957 4022af 956->957 957->917 960 402e2e 958->960 959 402e37 DeleteFileW 959->925 960->959 960->960 961 402e7c MoveFileExW 960->961 961->959 961->960 962 403956 963 403963 962->963 964 403976 962->964 971 4019d4 963->971 1009 4016b4 971->1009 974 4016b4 9 API calls 975 4019f4 974->975 976 4016b4 9 API calls 975->976 977 401a05 976->977 978 4016b4 9 API calls 977->978 979 401a16 978->979 980 4016b4 9 API calls 979->980 981 401a27 980->981 982 4016b4 9 API calls 981->982 983 401a38 982->983 984 401b70 RtlCreateHeap 983->984 985 401ba6 RtlCreateHeap 984->985 995 401ba1 984->995 986 401bcb 985->986 985->995 986->995 1057 401a40 986->1057 988 401c03 989 401a40 RtlAllocateHeap 988->989 988->995 990 401c59 989->990 991 401a40 RtlAllocateHeap 990->991 990->995 992 401caf 991->992 993 401a40 RtlAllocateHeap 992->993 992->995 994 401d05 993->994 994->995 996 401a40 RtlAllocateHeap 994->996 1001 402812 995->1001 1005 402836 995->1005 997 401d55 996->997 997->995 1062 401d94 997->1062 998 401d7a 1065 401dc2 998->1065 1002 402836 1001->1002 1003 402850 RtlAdjustPrivilege 1002->1003 1004 40284e 1002->1004 1003->1002 1003->1004 1004->964 1006 402849 1005->1006 1007 402850 RtlAdjustPrivilege 1006->1007 1008 40284e 1006->1008 1007->1006 1007->1008 1008->964 1010 40176f 1009->1010 1011 4016cf 1009->1011 1010->974 1012 4016f5 NtAllocateVirtualMemory 1011->1012 1035 401000 1011->1035 1012->1010 1014 40172f NtAllocateVirtualMemory 1012->1014 1014->1010 1016 401752 1014->1016 1020 40152c 1016->1020 1018 40175f 1018->1010 1019 401000 3 API calls 1018->1019 1019->1018 1021 401540 1020->1021 1022 401558 1020->1022 1023 401000 3 API calls 1021->1023 1024 401000 3 API calls 1022->1024 1025 40157e 1022->1025 1023->1022 1024->1025 1026 401000 3 API calls 1025->1026 1029 4015a4 1025->1029 1026->1029 1027 4015ed FindFirstFileExW 1027->1029 1028 40166c 1028->1018 1029->1027 1029->1028 1030 401649 FindNextFileW 1029->1030 1031 40162a FindClose 1029->1031 1030->1029 1033 40165d FindClose 1030->1033 1043 401474 1031->1043 1033->1029 1034 401641 1034->1018 1036 401012 1035->1036 1037 40102a 1035->1037 1038 401000 3 API calls 1036->1038 1039 401000 3 API calls 1037->1039 1040 401050 1037->1040 1038->1037 1039->1040 1041 4010fb 1040->1041 1046 401394 1040->1046 1041->1012 1044 40148a 1043->1044 1045 4014b8 LdrLoadDll 1044->1045 1045->1034 1047 4013ee 1046->1047 1048 4013be 1046->1048 1047->1041 1048->1047 1049 401474 LdrLoadDll 1048->1049 1050 4013d2 1049->1050 1050->1047 1050->1050 1052 4014d8 1050->1052 1053 4014ee 1052->1053 1054 40150f LdrGetProcedureAddress 1052->1054 1056 4014fa LdrGetProcedureAddress 1053->1056 1055 401521 1054->1055 1055->1047 1056->1055 1058 401a5d RtlAllocateHeap 1057->1058 1059 401a79 1058->1059 1060 401a85 1058->1060 1059->988 1060->1058 1061 401b5b 1060->1061 1061->988 1063 401da8 NtSetInformationThread 1062->1063 1063->998 1066 401de9 1065->1066 1067 401e12 1066->1067 1068 401df2 NtProtectVirtualMemory 1066->1068 1067->995 1068->1067 1083 402126 1084 402141 1083->1084 1085 4020bc RtlAllocateHeap 1084->1085 1086 402158 1084->1086 1085->1086 1069 4019b7 1070 4019e0 1069->1070 1071 4016b4 9 API calls 1069->1071 1072 4016b4 9 API calls 1070->1072 1071->1070 1073 4019f4 1072->1073 1074 4016b4 9 API calls 1073->1074 1075 401a05 1074->1075 1076 4016b4 9 API calls 1075->1076 1077 401a16 1076->1077 1078 4016b4 9 API calls 1077->1078 1079 401a27 1078->1079 1080 4016b4 9 API calls 1079->1080 1081 401a38 1080->1081 1082 40286c NtSetInformationProcess NtSetInformationProcess NtSetInformationProcess

                                                                                                                                                                        Callgraph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        • Opacity -> Relevance
                                                                                                                                                                        • Disassembly available
                                                                                                                                                                        callgraph 0 Function_004026C0 38 Function_004024F8 0->38 1 Function_00401A40 39 Function_00401E78 1->39 2 Function_00401DC2 3 Function_004024C2 4 Function_00402B44 5 Function_00403144 6 Function_00401FC8 7 Function_00401F4C 8 Function_0040204C 9 Function_00402B50 10 Function_00401350 71 Function_00401130 10->71 11 Function_00402ED0 12 Function_004024D4 13 Function_004019D4 76 Function_004016B4 13->76 14 Function_00403956 14->13 33 Function_00401B70 14->33 54 Function_00402812 14->54 78 Function_00402836 14->78 15 Function_00403258 16 Function_004014D8 81 Function_00401438 16->81 17 Function_00401FDB 18 Function_004022DC 19 Function_0040205C 20 Function_00401F5C 21 Function_004020DE 22 Function_00402760 83 Function_004020BC 22->83 23 Function_004031E0 24 Function_00402264 25 Function_00401EE4 26 Function_004032E4 27 Function_004032E8 28 Function_00401868 29 Function_0040286C 30 Function_00401F6C 31 Function_00401B6E 32 Function_00401FEF 33->1 33->2 55 Function_00401D94 33->55 34 Function_00401472 35 Function_00401474 41 Function_004013F8 35->41 36 Function_004013F6 37 Function_00402A78 82 Function_004028BA 37->82 38->22 62 Function_00401E28 39->62 40 Function_00403478 42 Function_0040227C 43 Function_0040217C 44 Function_00402BFC 45 Function_00401000 45->7 45->10 45->25 45->45 56 Function_00401394 45->56 73 Function_00401EB0 45->73 46 Function_00402D80 47 Function_00403983 60 Function_0040389C 47->60 48 Function_00402003 49 Function_00402104 50 Function_00402C88 51 Function_00402E10 52 Function_00401190 52->71 53 Function_00401911 56->16 56->35 57 Function_00402017 58 Function_00402F18 58->42 58->51 59 Function_00401F9A 60->0 60->18 60->37 60->58 61 Function_00402126 61->83 63 Function_00402DA8 64 Function_0040152A 65 Function_0040202A 66 Function_0040152C 66->19 66->25 66->35 66->45 67 Function_00401F2C 66->67 68 Function_004018AD 69 Function_0040362E 70 Function_00401EAE 72 Function_00403230 74 Function_00401FB1 75 Function_004016B2 76->39 76->45 76->66 77 Function_00402234 79 Function_00401436 80 Function_004019B7 80->76 82->22 84 Function_00401A3E

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.2173302873.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000008.00000002.2173243828.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173363614.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173422855.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173471028.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_400000_53F6.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Text$Color$CreateWindow$Proc$CommandFontFreeHandleLibraryLineLoadMenuModule$AddressBitmapCharsetErrorExitInfoLastLocaleObjectProcessSelect
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3548022523-0
                                                                                                                                                                        • Opcode ID: 75a7f395dfd15dd6a7f12e7587c497a330da91454d241e242464d6c2316bf13f
                                                                                                                                                                        • Instruction ID: 44f13d8dc4ada08d969f55db554330e9d88bd117b0c18836a0928b418f5903af
                                                                                                                                                                        • Opcode Fuzzy Hash: 75a7f395dfd15dd6a7f12e7587c497a330da91454d241e242464d6c2316bf13f
                                                                                                                                                                        • Instruction Fuzzy Hash: 89F0B724B651416AC500BFFB9947A0D6E2C6E8472BB50657EB0C1344E74D3C87009EAF
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 3 402f18-402f2b 4 402f2e-402f33 3->4 4->4 5 402f35-402f5b call 40227c 4->5 7 402f67-402f8c CreateFileW 5->7 8 402f5d-402f61 5->8 9 402f8e-402f96 7->9 10 402faf-402fb1 7->10 8->7 11 4030bb-4030bd 8->11 12 402f98-402fa6 9->12 13 402faa 9->13 14 402fb4-402fe0 NtAllocateVirtualMemory 10->14 15 4030c0-4030c3 11->15 12->13 27 402fa8 12->27 13->11 16 402fe2-402fed 14->16 17 402fe8 14->17 18 4030c5-4030e4 NtFreeVirtualMemory 15->18 19 4030e7-4030eb 15->19 28 403000-403003 16->28 29 402fef-402ffe 16->29 22 40301b-403020 17->22 18->19 19->15 23 4030ed-4030f1 19->23 26 403023-40302e 22->26 24 4030f3-4030fc NtClose 23->24 25 4030ff-40311d call 402e10 DeleteFileW 23->25 24->25 36 403126-40312a 25->36 37 40311f 25->37 30 403030-40303a 26->30 31 40303c 26->31 27->7 32 403015-403019 28->32 33 403005-403010 28->33 29->32 35 403041-403048 30->35 31->35 32->14 32->22 33->32 38 40304b-403064 WriteFile 35->38 39 403138-403141 36->39 40 40312c-403132 36->40 37->36 41 403066 38->41 42 403068-403088 SetFilePointerEx 38->42 40->39 43 40308a-403091 41->43 42->38 42->43 44 403093 43->44 45 403095-4030b6 SetFilePointerEx 43->45 44->11 45->26
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateFileW.KERNELBASE(?,40000000,00000003,00000000,00000003,80000000,00000000), ref: 00402F82
                                                                                                                                                                        • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,00010000,00001000,00000004), ref: 00402FDB
                                                                                                                                                                        • WriteFile.KERNELBASE(000000FF,00000000,00010000,00010000,00000000), ref: 0040305F
                                                                                                                                                                        • SetFilePointerEx.KERNELBASE(000000FF,00010000,?,00000000,00000001), ref: 0040307E
                                                                                                                                                                        • SetFilePointerEx.KERNELBASE(000000FF,00010000,00000000,00000000,00000000,?,00000000,00000001), ref: 004030B3
                                                                                                                                                                        • NtFreeVirtualMemory.NTDLL(000000FF,00000000,00010000,00008000,?,00000000,00000001), ref: 004030E4
                                                                                                                                                                        • NtClose.NTDLL(000000FF,?,00000000,00000001), ref: 004030FC
                                                                                                                                                                        • DeleteFileW.KERNELBASE(?,?,00000000,00000001), ref: 00403118
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.2173302873.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000008.00000002.2173243828.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173363614.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173422855.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173471028.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_400000_53F6.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$MemoryPointerVirtual$AllocateCloseCreateDeleteFreeWrite
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 590822095-0
                                                                                                                                                                        • Opcode ID: 52122dafd602033dbf0aaa267e6343e8fb4df09450a7f36494692c9b8865e816
                                                                                                                                                                        • Instruction ID: 1b8bdb635f3090c090aca30f1047892238d11e79f8ef36d2dcee79009cce4089
                                                                                                                                                                        • Opcode Fuzzy Hash: 52122dafd602033dbf0aaa267e6343e8fb4df09450a7f36494692c9b8865e816
                                                                                                                                                                        • Instruction Fuzzy Hash: ED714871901209AFDB11CF90DD48BEEBB79FB08311F204266E511B62D4D3759E85CF99
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • FindFirstFileExW.KERNELBASE(C:\Windows\System32\*.dll,00000000,?,00000000,00000000,00000000), ref: 00401601
                                                                                                                                                                        • FindClose.KERNELBASE(000000FF,?,00000000), ref: 0040162D
                                                                                                                                                                        • FindNextFileW.KERNELBASE(000000FF,?,?,00000000), ref: 00401653
                                                                                                                                                                        • FindClose.KERNEL32(000000FF), ref: 00401660
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.2173302873.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000008.00000002.2173243828.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173363614.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173422855.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173471028.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_400000_53F6.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Find$CloseFile$FirstNext
                                                                                                                                                                        • String ID: C:\Windows\System32\*.dll
                                                                                                                                                                        • API String ID: 1164774033-1305136377
                                                                                                                                                                        • Opcode ID: bdb8730289e2ca857be386bc3c3ab385330ed8d95a663a52d2d02b9110bb0279
                                                                                                                                                                        • Instruction ID: b8f602421e8d3e3309feb9384621a56ef9d54da146c7d7394d3b11ea37959a12
                                                                                                                                                                        • Opcode Fuzzy Hash: bdb8730289e2ca857be386bc3c3ab385330ed8d95a663a52d2d02b9110bb0279
                                                                                                                                                                        • Instruction Fuzzy Hash: 30418C71900608EFDB20AFA4DD48BAA77B4FB44325F608276E521BE1F0D7794A85DF48
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 82 402760-402795 CreateFileW 83 4027f0-4027f4 82->83 84 402797-4027a9 82->84 85 402802-40280b 83->85 86 4027f6-4027ff NtClose 83->86 84->83 88 4027ab-4027be call 4020bc 84->88 86->85 88->83 90 4027c0-4027d8 ReadFile 88->90 91 4027e4-4027ea 90->91 92 4027da-4027e2 90->92 91->83 92->83
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0040278B
                                                                                                                                                                        • ReadFile.KERNELBASE(000000FF,00000000,00000000,00000000,00000000), ref: 004027D3
                                                                                                                                                                        • NtClose.NTDLL(000000FF), ref: 004027FF
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.2173302873.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000008.00000002.2173243828.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173363614.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173422855.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173471028.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_400000_53F6.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$CloseCreateRead
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1419693385-0
                                                                                                                                                                        • Opcode ID: da89fd3cbdd23a7ddbe5d8b9f381f279ea58f3e72d3b71a90626c9ff8252170d
                                                                                                                                                                        • Instruction ID: da411bd40fb0d6d878d2d447c4e829303a7e8bd202b0d35ae7576ead56d2946b
                                                                                                                                                                        • Opcode Fuzzy Hash: da89fd3cbdd23a7ddbe5d8b9f381f279ea58f3e72d3b71a90626c9ff8252170d
                                                                                                                                                                        • Instruction Fuzzy Hash: CA211A35601209EBDB10CF94DD89B9EBB75FF08310F2082A5A510AB2E1D7719E51DF94
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 94 40286c-4028b9 NtSetInformationProcess * 3
                                                                                                                                                                        APIs
                                                                                                                                                                        • NtSetInformationProcess.NTDLL(000000FF,00000021,?,00000004), ref: 00402888
                                                                                                                                                                        • NtSetInformationProcess.NTDLL(000000FF,00000012,00000000,00000002,?,00000004), ref: 0040289D
                                                                                                                                                                        • NtSetInformationProcess.NTDLL(000000FF,0000000C,00000000,00000004,?,00000004), ref: 004028B5
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.2173302873.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000008.00000002.2173243828.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173363614.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173422855.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173471028.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_400000_53F6.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationProcess
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1801817001-0
                                                                                                                                                                        • Opcode ID: b71ac733508e6e437ba76d930e61bde730921b23b00966883a2217b3d9eaec84
                                                                                                                                                                        • Instruction ID: 48adbd17ca007e7691ff2066b81a5959555298f4bd9a539b6f325b5cfe831ef7
                                                                                                                                                                        • Opcode Fuzzy Hash: b71ac733508e6e437ba76d930e61bde730921b23b00966883a2217b3d9eaec84
                                                                                                                                                                        • Instruction Fuzzy Hash: 2BF0F871141610EBEB15DB84DDC9F9637A8FB09720F2403A1F2319E1E6D3B0A484CF96
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 95 401dc2-401df0 97 401e21-401e27 95->97 98 401df2-401e10 NtProtectVirtualMemory 95->98 98->97 99 401e12-401e1f 98->99 99->97
                                                                                                                                                                        APIs
                                                                                                                                                                        • NtProtectVirtualMemory.NTDLL(000000FF,00000000,00000020,00000040,?), ref: 00401E0B
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.2173302873.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000008.00000002.2173243828.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173363614.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173422855.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173471028.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_400000_53F6.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MemoryProtectVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2706961497-3916222277
                                                                                                                                                                        • Opcode ID: 743ccc95185ac25335bad8a24ea2ffb6d91b2a6f6c30658889cc31c7cdbad58c
                                                                                                                                                                        • Instruction ID: 836d3446d31acb3b31e0b6cd8f4ee088cd02c28435d2c0c4ff934eaabbb3754d
                                                                                                                                                                        • Opcode Fuzzy Hash: 743ccc95185ac25335bad8a24ea2ffb6d91b2a6f6c30658889cc31c7cdbad58c
                                                                                                                                                                        • Instruction Fuzzy Hash: 72F03176500109ABDB00CF95D988BDFB7BCEB44324F2042A9EA14A72D1D7355E458B94
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 180 4016b4-4016c9 181 401859-401862 180->181 182 4016cf-4016d6 180->182 183 4016f5-401729 NtAllocateVirtualMemory 182->183 184 4016d8-4016f0 call 401000 182->184 183->181 186 40172f-40174c NtAllocateVirtualMemory 183->186 184->183 186->181 188 401752-40175a call 40152c 186->188 190 40175f-401761 188->190 190->181 191 401767-40176d 190->191 192 401774-401781 call 401000 191->192 193 40176f 191->193 196 401851-401854 192->196 197 401787-401798 call 401e78 192->197 193->181 196->191 200 4017c9-4017cc 197->200 201 40179a-4017c4 call 401e78 197->201 203 4017fa-4017fd 200->203 204 4017ce-4017f8 call 401e78 200->204 201->196 205 401815-401818 203->205 206 4017ff-401813 203->206 204->196 210 401830-401833 205->210 211 40181a-40182e 205->211 206->196 210->196 212 401835-40184b 210->212 211->196 212->196
                                                                                                                                                                        APIs
                                                                                                                                                                        • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,?,00103000,00000040), ref: 0040171F
                                                                                                                                                                        • NtAllocateVirtualMemory.NTDLL(000000FF,00000000,00000000,00000000,00103000,00000004), ref: 00401742
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.2173302873.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000008.00000002.2173243828.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173363614.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173422855.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173471028.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_400000_53F6.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateMemoryVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2167126740-0
                                                                                                                                                                        • Opcode ID: 4a0fb159cb167e270aa132b3f88ebad20637f68d71e3a3db65f788631af4fc76
                                                                                                                                                                        • Instruction ID: ad4b5e7ce53ce887a57ee0cc443bca07838dd3003dcb7b2c4dfa2ad75add82e8
                                                                                                                                                                        • Opcode Fuzzy Hash: 4a0fb159cb167e270aa132b3f88ebad20637f68d71e3a3db65f788631af4fc76
                                                                                                                                                                        • Instruction Fuzzy Hash: E3416031904204DADF10EF58C884B9AB7A4FF05314F14C1BAE919EF2E6D7788A41CB6A
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 288 40227c-4022ad FindFirstFileExW 289 4022d2-4022d8 288->289 290 4022af-4022cf 288->290 290->289
                                                                                                                                                                        APIs
                                                                                                                                                                        • FindFirstFileExW.KERNELBASE(?,00000000,?,00000000,00000000,00000000), ref: 004022A4
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.2173302873.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000008.00000002.2173243828.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173363614.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173422855.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173471028.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_400000_53F6.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileFindFirst
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1974802433-0
                                                                                                                                                                        • Opcode ID: cdec62c82a5867c9461e13d27f073131a42764883e1863d73d8ab6d37f0e38bf
                                                                                                                                                                        • Instruction ID: 55f0629c3eadcc188d8749e42e063c0b49bca1bc4f8f265f590f61ae6da82bee
                                                                                                                                                                        • Opcode Fuzzy Hash: cdec62c82a5867c9461e13d27f073131a42764883e1863d73d8ab6d37f0e38bf
                                                                                                                                                                        • Instruction Fuzzy Hash: BBF0C974902608EFDB10DF94CD49B9DFBB4EB48310F2082A5A918AB2A0D7715E91CF84
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • NtSetInformationThread.NTDLL(00000000,?,00000000,00000000), ref: 00401DBB
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.2173302873.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000008.00000002.2173243828.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173363614.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173422855.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173471028.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_400000_53F6.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationThread
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4046476035-0
                                                                                                                                                                        • Opcode ID: 2ec57d8305034ae4dcd04f6f280aec29aa5e37325b0f502564d07dd60a6e8475
                                                                                                                                                                        • Instruction ID: 482b214da63c1bafeb7c1bb62a0bbbc62c262419b9af6fea3894fce228737229
                                                                                                                                                                        • Opcode Fuzzy Hash: 2ec57d8305034ae4dcd04f6f280aec29aa5e37325b0f502564d07dd60a6e8475
                                                                                                                                                                        • Instruction Fuzzy Hash: FEE05E329A020DAFD710DB50DC45FBB376DEB55311F508236B5029A1E0D6B8F891DA98
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 100 401b70-401b9f RtlCreateHeap 101 401ba1 100->101 102 401ba6-401bc4 RtlCreateHeap 100->102 103 401d8a-401d90 101->103 104 401bc6 102->104 105 401bcb-401be7 102->105 104->103 107 401be9 105->107 108 401bee-401c05 call 401a40 105->108 107->103 111 401c07 108->111 112 401c0c-401c3d 108->112 111->103 115 401c44-401c5b call 401a40 112->115 116 401c3f 112->116 119 401c62-401c93 115->119 120 401c5d 115->120 116->103 123 401c95 119->123 124 401c9a-401cb1 call 401a40 119->124 120->103 123->103 127 401cb3 124->127 128 401cb8-401ce9 124->128 127->103 131 401cf0-401d07 call 401a40 128->131 132 401ceb 128->132 135 401d09 131->135 136 401d0b-401d3c 131->136 132->103 135->103 139 401d40-401d57 call 401a40 136->139 140 401d3e 136->140 143 401d59 139->143 144 401d5b-401d80 call 401d94 call 401dc2 139->144 140->103 143->103 147 401d83 144->147 147->103
                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlCreateHeap.NTDLL(00001002,00000000,00000000,00000000,00000000,00000000), ref: 00401B96
                                                                                                                                                                        • RtlCreateHeap.NTDLL(00041002,00000000,00000000,00000000,00000000,00000000), ref: 00401BBB
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.2173302873.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000008.00000002.2173243828.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173363614.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173422855.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173471028.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_400000_53F6.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 10892065-0
                                                                                                                                                                        • Opcode ID: 453bda9d08a0096fe53e6a5bcc4a475ef93f8d776735eeddf63228c397926240
                                                                                                                                                                        • Instruction ID: eac1ce902914894448f3c06d12ced00cbe17960004271ddceb971b2a38276b5e
                                                                                                                                                                        • Opcode Fuzzy Hash: 453bda9d08a0096fe53e6a5bcc4a475ef93f8d776735eeddf63228c397926240
                                                                                                                                                                        • Instruction Fuzzy Hash: 34513034A80A04FBD7109B60ED09B5B7770FF18701F2086BAE6117A2F1D775A5859F8D
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 150 4022dc-40232e 154 402330 150->154 155 402335-402347 GetShortPathNameW 150->155 156 402483-402487 154->156 157 402349-402359 155->157 158 40235e-402380 155->158 159 402495-402499 156->159 160 402489-40248f 156->160 157->156 168 402382 158->168 169 402387-402425 158->169 163 4024a7-4024ab 159->163 164 40249b-4024a1 159->164 160->159 165 4024b9-4024bf 163->165 166 4024ad-4024b3 163->166 164->163 166->165 168->156 175 402427 169->175 176 402429-402481 ShellExecuteW 169->176 175->156 176->156
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetShortPathNameW.KERNELBASE(00000000,00000000,?), ref: 00402340
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.2173302873.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000008.00000002.2173243828.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173363614.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173422855.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173471028.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_400000_53F6.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: NamePathShort
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1295925010-0
                                                                                                                                                                        • Opcode ID: a0a4f684a9d9108a63d91a30c19249ae39ae68594d14297edb71c581cb82e24b
                                                                                                                                                                        • Instruction ID: 5bcac900e59d09c9622bdf940851d370624af246baed8abb1bc217228d1f7e1b
                                                                                                                                                                        • Opcode Fuzzy Hash: a0a4f684a9d9108a63d91a30c19249ae39ae68594d14297edb71c581cb82e24b
                                                                                                                                                                        • Instruction Fuzzy Hash: B6514E75900606EFDB00DF90E948B9EFB71FF48301F2082A9E6156B2A1C375AA91DFC5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 213 4026c0-4026e5 call 4024f8 215 402730-402734 213->215 216 4026e7-402709 CreateFileW 213->216 218 402742-402746 215->218 219 402736-40273c 215->219 216->215 217 40270b-402727 ReadFile 216->217 217->215 220 402729 217->220 221 402754-40275a 218->221 222 402748-40274e 218->222 219->218 220->215 222->221
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004026FF
                                                                                                                                                                        • ReadFile.KERNELBASE(000000FF,000000FF,0000021C,?,00000000), ref: 00402722
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.2173302873.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000008.00000002.2173243828.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173363614.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173422855.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173471028.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_400000_53F6.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$CreateRead
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3388366904-0
                                                                                                                                                                        • Opcode ID: 64d441af2ae5f8cd80c02da2bb5cacaba4a8c0a7bb8fd120945ed4e9a720f5dc
                                                                                                                                                                        • Instruction ID: dec784d2d3492f4c007a4c80bb83cd8b4abde05e7af7cfb80cb91198c32a9eba
                                                                                                                                                                        • Opcode Fuzzy Hash: 64d441af2ae5f8cd80c02da2bb5cacaba4a8c0a7bb8fd120945ed4e9a720f5dc
                                                                                                                                                                        • Instruction Fuzzy Hash: 7511D774910209EFDB10DF94DD48B9FBBB5FB08311F2046A9A524B62E1D7B15A91CF84
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 224 401a40-401a5a 225 401a5d-401a77 RtlAllocateHeap 224->225 226 401a85-401a94 call 401e78 225->226 227 401a79-401a82 225->227 230 401ac5-401ac8 226->230 231 401a96-401ac0 call 401e78 226->231 233 401af6-401af9 230->233 234 401aca-401af4 call 401e78 230->234 239 401b4d-401b55 231->239 237 401b11-401b14 233->237 238 401afb-401b0f 233->238 234->239 241 401b16-401b2a 237->241 242 401b2c-401b2f 237->242 238->239 239->225 243 401b5b-401b6b 239->243 241->239 242->239 244 401b31-401b47 242->244 244->239
                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000,00000008,00000010), ref: 00401A6D
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.2173302873.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000008.00000002.2173243828.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173363614.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173422855.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173471028.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_400000_53F6.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                        • Opcode ID: 3090814481001f51fad53404be7bb9f089635e5ecf5702693e45b6397da5dce2
                                                                                                                                                                        • Instruction ID: 68c0462a3af62cc3e50a8e225ecc1fff045641083c52707b2e4de1a33f1d8fac
                                                                                                                                                                        • Opcode Fuzzy Hash: 3090814481001f51fad53404be7bb9f089635e5ecf5702693e45b6397da5dce2
                                                                                                                                                                        • Instruction Fuzzy Hash: 9F316935A14308DFDB10CF99C488E99F7F1BF24320F15D0AAD508AB2B2D7B59950DB4A
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 245 402e10-402e35 247 402e37 245->247 248 402e39-402e4e 245->248 249 402eab-402eb7 247->249 253 402e50 248->253 254 402e52-402e57 248->254 250 402ec5-402eca 249->250 251 402eb9-402ebf 249->251 251->250 253->249 255 402e5c-402e6d 254->255 257 402e70-402e7a 255->257 257->257 258 402e7c-402e8f MoveFileExW 257->258 259 402e91 258->259 260 402e93-402ea9 258->260 259->249 260->249 260->255
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.2173302873.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000008.00000002.2173243828.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173363614.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173422855.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173471028.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_400000_53F6.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 2ec2b1c2d5d64686e5e6a52de2e159d7ebe58570cf782c44f0051c3652f2bf9a
                                                                                                                                                                        • Instruction ID: 64be472d3da9365df722bb42b6a14b0a0006b9682bbf08d732ce7ada7e71b141
                                                                                                                                                                        • Opcode Fuzzy Hash: 2ec2b1c2d5d64686e5e6a52de2e159d7ebe58570cf782c44f0051c3652f2bf9a
                                                                                                                                                                        • Instruction Fuzzy Hash: 8A214C71940208EFDB109F90DE49B9ABB71FF18301F2081BAE505AA2E1D3759E91DF89
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 262 402a78-402a9c call 4028ba 264 402aa3-402ac2 262->264 265 402a9e 262->265 270 402ac4-402ad3 264->270 271 402ad5-402ae0 264->271 266 402b28-402b2c 265->266 267 402b3a-402b40 266->267 268 402b2e-402b34 266->268 268->267 270->266 274 402ae2-402ae8 271->274 275 402aea 271->275 276 402af0-402b1f CreateMutexW 274->276 275->276 276->266 277 402b21 276->277 277->266
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.2173302873.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000008.00000002.2173243828.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173363614.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173422855.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173471028.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_400000_53F6.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 76ac4189c2e983f292498be2e35779ead737e5081f8c929ef40d6d428a78efce
                                                                                                                                                                        • Instruction ID: 5f31ce468cef0475a522e9655e813cee8f96e501922e94d34a843d9ecc1c4f5f
                                                                                                                                                                        • Opcode Fuzzy Hash: 76ac4189c2e983f292498be2e35779ead737e5081f8c929ef40d6d428a78efce
                                                                                                                                                                        • Instruction Fuzzy Hash: A921F974901608EFDB00CF90EA8C79EBB71FF08301F6045A9E5017A2A0D7B95A85DF89
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 279 401474-401488 280 40148a-40148d 279->280 281 4014ac-4014b3 call 4013f8 279->281 282 401493-401498 280->282 285 4014b8-4014d2 LdrLoadDll 281->285 282->282 284 40149a-4014aa call 4013f8 282->284 284->285
                                                                                                                                                                        APIs
                                                                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000000,?), ref: 004014C4
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.2173302873.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000008.00000002.2173243828.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173363614.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173422855.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173471028.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_400000_53F6.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Load
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2234796835-0
                                                                                                                                                                        • Opcode ID: cc821bb6490c49b643c0aee4c8a66cc2fb92e167f5171f05bab2522af16bb81c
                                                                                                                                                                        • Instruction ID: 140de97a3c31e0856ca0b204e221eb1e366fb0b1d4fd9a07ba92ba20ce5f8dd4
                                                                                                                                                                        • Opcode Fuzzy Hash: cc821bb6490c49b643c0aee4c8a66cc2fb92e167f5171f05bab2522af16bb81c
                                                                                                                                                                        • Instruction Fuzzy Hash: F7F03C3690020DFADF10EAA4D848FDE77BCEB14314F0041A6E904B7190D238AA099BA5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlAdjustPrivilege.NTDLL(?,00000001,00000000,00000000), ref: 00402861
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.2173302873.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000008.00000002.2173243828.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173363614.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173422855.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173471028.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_400000_53F6.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AdjustPrivilege
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3260937286-0
                                                                                                                                                                        • Opcode ID: b838e4be5c385c0dc624d50355c604d381d153ee0a89857c9e86ae645bc67477
                                                                                                                                                                        • Instruction ID: 70193a9dbc7aa9cd3770003b3bb97339f6e2972f30e24310785a39762e1cef45
                                                                                                                                                                        • Opcode Fuzzy Hash: b838e4be5c385c0dc624d50355c604d381d153ee0a89857c9e86ae645bc67477
                                                                                                                                                                        • Instruction Fuzzy Hash: B9E0263251821AABCB20A2189E0CBA7739DD744314F1043B6A805F71D1EAF69A0A87DA
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlAllocateHeap.NTDLL(?,00000008,?), ref: 004020D7
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000008.00000002.2173302873.0000000000401000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                        • Associated: 00000008.00000002.2173243828.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173363614.0000000000404000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173422855.0000000000405000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        • Associated: 00000008.00000002.2173471028.0000000000406000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_8_2_400000_53F6.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                        • Opcode ID: 37c2d1e8b064bb17fe79b9677c4ca25dfdae977e826a45f6764b5f2e7935cd48
                                                                                                                                                                        • Instruction ID: 701e22a529f931561d5ec47da2ef603e250127bb9ab3ab4db12cbc5835053477
                                                                                                                                                                        • Opcode Fuzzy Hash: 37c2d1e8b064bb17fe79b9677c4ca25dfdae977e826a45f6764b5f2e7935cd48
                                                                                                                                                                        • Instruction Fuzzy Hash: 05D0C97A140609ABC6009F94E949D87F769FF58711B00C6A1BA045B222C630E890CFD4
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%